Fatal Error Affects 600 Million. Samsung Smartphones

A serious security flaw in a bundled keyboard affects over 600 million Android smartphones from Samsung.

Over 600 million of the Samsung smartphones running the Android operating system, is potentially vulnerable to a security flaw, which is found in the SwiftKey keyboard that comes with the phones.

So reads it from the security company, NowSecure, which specializes in security on mobiles. Here it turns out that in the preinstalled SwiftKey keyboard for Samsung smartphones is hiding a serious error.

Security hole, as an it-specialist Ryan Welton has discovered, is that the keyboard searching for language packs over an insecure unencrypted line in plain text.

It opens up the possibility that the backers create a fake proxy server to send security updates with malicious code, which remains on the many affected Samsung devices. The security hole can be exploited further away, for instance to read text messages, contacts, banking information and other sensitive personal information, writes Forbes.

Only a software update will fix this error

The immediate thought will therefore be to uninstall the vulnerable Swiftkey-app, but since Samsung præinstallerer it on its Android smartphones, you cannot uninstall it.

Nor will it fix the problem to install Google Play version of the keyboard, which is not affected by the error.In other words, the app that goes under the bloatware that is unwanted and often unnecessary programs that included and which you cannot get rid of.
It turns out now that backfire, after all users now left in the lurch and potentially are vulnerable to the attack. The serious security flaw can therefore only be corrected by Samsung deploys software updates to all 600 million. affected units, which in many cases also first must go through telecommunications companies.

Has been known for a year and a half and still exists

Security hole has even been known since november 2014, where the same company did Samsung’s attention to the serious error. Samsung vowed to deploy software updates for all smartphones with Android OS 4.2 and newer and also made it to the end of March.

Nevertheless, choose Samsung still making use of the same, failed in its latest smartphones SwiftKey-app. At the security event, Blackhat Security Summit, demonstrated Ryan Welton security hole on a Samsung Galaxy S6 on the American Verizon network.

A spokesman from NowSecure tells, that the majority of Samsung smartphones with Android therefore still is affected, which among other things also count Galaxy S3, S4, S5, Note 3 and Note 4.

The normal SwiftKey-app is safe

The error exists only on the Special Edition of SwiftKey, included on the Samsung smartphones with Android. Therefore, if you even have downloaded SwiftKey from Google Play on smartphones from another manufacturer or one from Samsung, where it is not pre-installed, you are not affected by the error.

“We have seen reports of a security issue related to Samsung keyboard. We can confirm that SwiftKey keyboard-accessible Google Play or in the App Store are not affected by this vulnerability. We take reports of this nature very seriously and are investigating at this time closer, “ it sounds.