As most of you know, SwiftKey is one of the popular custom keyboard apps for Android. Some of you might remember that Samsung and SwiftKey made a deal which let Samsung bundle the keyboard with all its smartphones under its own skins. NowSecure has revealed that the current version of SwiftKey used in Samsung Galaxy devices has a critical vulnerability.
According to NowSecure’s report, if exploited, a hacker can gain access to the smartphones, monitor it, install malware or be used for personal data theft. According to them, over 600 million Samsung Galaxy smartphones use the keyboard with the aforementioned vulnerability are exposed to the threat.
If exploited, a hacker can gain access to the smartphones, monitor it, install malware or be used for personal data theft
Mobile Security Specialist NowSecure, Ryan Welton, revealed that the pre-installed SwiftKey app can be tricked into downloading language packs over un-encrypted connections in plain text form. Anyone with ill intent can use this trickery to insert malicious code into the language packs and take hold of the Samsung smartphones. The vulnerability reveals everything from the user’s personal data to the attacker without the slightest of clues.
Samsung was informed about the vulnerability in November in 2014. Samsung provided a small patch that fixed the threat on very few of the devices which got updated but most of the devices, especially the low-end and mid-range devices never got the patch and are still under threat from the vulnerability.
Over 600 million Samsung Galaxy smartphones use the keyboard with the vulnerability
Samsung has announced that it will be rolling out an update within the next few days to fix the issue. Samsung has stated that the Knox Security suite will be used to deliver the patch to the users. Samsung has also started working closely with SwiftKey so that nothing like this happens in the future.
The official statement from Samsung states
Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security.
SwiftKey users who use the app by installing it from the Play Store or the App Store can continue using the app as that one does not contain the vulnerability. Only the pre-loaded Samsung SwiftKey app is at risk. Samsung users are advised to switch to another keyboard app until a security update patch is pushed to them via an update.