Security company NowSecure has some alarming news for 600 million Samsung users globally. The built-in keyboard on Samsung smartphones, might just be a back door access for hackers to break in and take control of your smartphone.
What exactly is the problem?
A security bug has been found in the update mechanism of the software which can allow hackers to gain access while the keyboard looks for language updates daily. Most Samsung Android devices are affected by this, including the latest Galaxy S models.
The device is vulnerable when it is connected to a malicious WiFi network and the keyboard attempts to find updates for trending phrases. This scenario provides hackers with a window to gain complete access to your phone. Having broken in, the hacker can access the GPS, camera and microphone. So before you know it, a stranger might be eavesdropping on your calls and even going through your personal data.
Has it been fixed?
The bug was spotted by NowSecure last year and Samsung was informed about it in December. The security company was asked not to make the news public until Samsung fixed the issue. But even after six months it is still not known if the problem has been rectified.
Samsung is restricted by mobile phone providers to send out updates to users and the extent to which that has been done is still unknown. Even if another keyboard is installed, the user cannot escape the security threat as the keyboard app with the bug cannot be uninstalled or disabled.
Is there a solution?
The problem is a part of Samsung integrating Swiftkey's keyboard engine into its own keyboard software. Swiftkey provides the technology for detecting what the user is trying to type. Installing another third-party keyboard won't help as the Samsung keyboard remains operational.
It it's any relief, a device is vulnerable only when on a malicious network where a hacker is quick enough to notice and attack while the keyboard attempts for an update. For now, all that users can really do is try to be more cautious and stay away from networks where hackers might try and intercept one's device.