Almost 600 million Samsung devices are left vulnerable to attackers as a security flaw has been discovered on its SwiftKey keyboard. (via GSM Arena)
"We can confirm that we have found the flaw still unpatched on the Galaxy S6 for the Verizon and Sprint networks, in off the shelf tests we did over the past couple of days," a NowSecure spokesperson confirmed.
NowSecure discovered a bug on the pre-installed keyboard allowing possible attackers to read and listen to conversations, acquire personal data and remote the device without the user's knowledge which allows 'control to the user's network traffic to execute arbitrary code on the user's phone,' GBC reported.
"The vulnerability is triggered automatically (no human interaction) on reboot as well as randomly when the application decides to update [its language packs]," the company wrote on its blog.
The security firm said that it already alerted the Korean tech giant. US Computer Emergency Readiness Team (CERT) and Google in December 2014.
In response, Samsung claimed that it already released a patch to fix this issue, but NowSecure believes that some Samsung devices are still vulnerable like Samsung Galaxy S6, S5, S4 and S4 mini on major U.S. carriers, including Verizon, AT&T, Sprint and T-Mobile. (via Forbes)
Since the SwiftKey keyboard cannot be uninstalled, Samsung device owners are advised to use a different third party keyboard for the mean time which can be downloaded on Play Store and Apple and avoid connecting to unsecured wi-fi connections.
While a rep from SwiftKey confirmed that its third party keyboards were not affected of this vulnerability.
"We've seen reports of a security issue related to the Samsung keyboard. We can confirm that the SwiftKey Keyboard apps available viaGoogle Play or the Apple App Store are not affected by this vulnerability. We take reports of this manner very seriously and are currently investigating further," a SwiftKey spokesperson said.