No hacks from keyboard glitch, Samsung says
Samsung said Friday that no hacks have been reported after a tech security firm reported 600 million Galaxy smartphones had a problematic keyboard.
The South Korean tech giant did not dispute the report from Now Secure and pledged to roll out security updates in the next few days to “invalidate any potential vulnerabilities.”
It also sought to assure customers that hacking, while not impossible, would require a specific set of conditions.
“The likelihood of making a successful attack, exploiting this vulnerability, is low,” the company said.
The risk comes from the keyboard software programmed into Galaxy S6, S5, S4 and S4 mini-models, according to Now Secure. The system can bypass security restrictions, giving hackers access to data.
Hackers who take advantage of the keyboard software, developed by Swift Key, could remotely install malicious apps, eavesdrop on calls and attempt to retrieve pictures and text messages, according to Now Secure.
“Unfortunately, the flawed keyboard app can’t be uninstalled. Also, it isn’t easy for the Samsung mobile device user to tell if the carrier has patched the problem with a software update,” Now Secure said on its website.
Now Secure said it informed Samsung of the risk in December, and the company responded by providing a security patch to mobile networks early this year.
But Now Secure questioned the success of the measure, writing on its website: “It is unknown if the carriers have provided the patch to the devices on their network. In addition, it is difficult to determine how many mobile device users remain vulnerable, given the device’s models and number of network operators globally.”
What can users do as Samsung ratchets up its security efforts? Don’t use unsecured wireless networks, suggests Now Secure. To be completely safe, use another phone.