15:41 GMT08 August 2020

    Your texts, tweets, and photos might not be very secure if you've got a Samsung phone - hackers can get inside and control the phones using a fairly straightforward hack. And Samsung's known about it for months.

    By exploiting a vulnerability in the phones' keyboard software, hackers can impersonate the server that the phones contact for updates, gain access to the phone, control the camera or microphone, read texts, and install apps. 

    "We supply Samsung with the core technology that powers the word predictions in their keyboard," read a SwiftKey statement. "It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability. We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this obscure but important security issue."

    Researchers at mobile technology security firm NowSecure say they discovered the exploit — which could affect up to 600 million phones — and told Samsung about it in November, only going public with their findings now after seeing no progress for months towards fixing the problem. 

    "We have published a webpage to help you find out if you are vulnerable, learn more about how the vulnerability might affect you, and discover ways to reduce your risk. Finally, proof of concept code is available here," NowSecure wrote in an online statement. 

    Since the keyboard software can't be deleted, owners of vulnerable phones are advised to stay off unsecured Wi-Fi networks while Samsung and SwiftKey try to find a solution, though even that precaution won't guarantee protection from this 'man-in-the-middle' hack. NowSecure advises that users contact their carriers for information on software patches. 

    The exploit was discovered in the Samsung version of SwiftKey and is known to work on the Samsung Galaxy S6, the S6 and Galaxy S4 Mini, though it’s suspected that other Samsung devices that use SwiftKey are also at risk. 

    It doesn't matter if a user is actively using the keyboard or not — the phone will still contact a server for updates to software. Normally, there is encryption to make sure the connection to the server is secure, but the Samsung version of SwiftKey seems to lack such protections. 

    SwiftKey has said that the Android and iOS versions of their software are safe. 

