If you use a Samsung smartphone, a pre-installed keyboard could make your device highly vulnerable to hackers. And, for the moment, there is practically nothing you can do about it.
The vulnerability was discovered by Ryan Welton, a mobile security specialist at NowSecure. The issue lies in the standard pre-installed SwiftKey autofill keyboard, which uses an unencrypted connection to check for language pack updates.
Welton discovered that by setting up a spoofed proxy server, a hacker could easily send the device a fake update containing malicious code. From there, they could eavesdrop on your incoming and outgoing messages as well as your voice calls.
The access would also allow them to view your personal data such as pictures or text messages, modify or tamper with apps, and even install other malicious applications on your phone.
Unfortunately, there is currently no fix, since users can’t uninstall the SwiftKey app, which is part of the standard bloatware Samsung ships with its phones, including its new flagship Galaxy lines.
According to NowSecure, it’s likely that the Galaxy S4 Mini, Galaxy S4, Galaxy S5, and Galaxy S6 are all affected by this security flaw. The company added that it’s unclear which carrier-specific models received updates.
For the moment, NowSecure only mentions U.S. carriers, so no one is sure whether international variants are affected by what some are calling a “massive” security flaw.
So, what should you do?
Since the keyboard cannot be uninstalled, NowSecure warns users to avoid unsecured Wi-Fi networks and/or use a different mobile device.
Samsung has yet to release a statement regarding the issue.
This was originally published on Branding in Asia Magazine.