More than 600 million Samsung devices including the latest Galaxy S4, S5, and S6 phones are vulnerable to a bug housed within the built-in keyboard, according to security firm Now Secure.
The predictive text Swift keyboard built into some of Samsung’s latest phones allows an attacker to remotely execute code, according to NowSecure, which uncovered and reported the bug late last year.
Because the SwiftKey keyboard can be tricked to accept a malicious file when the software updates, that virus can access some of the deepest, core parts of the phone’s computer system, claims NowSecure.
According to the Wall Street Journal, Samsung sent a fix to wireless carriers in March. But three months later, when NowSecure tested two new Galaxy S6 handsets from US mobile phone companies Verizon and Sprint, the vulnerability was still there. However, Swift claims the bug does not affect the SwiftKey apps on Google Play or the iTunes App Store.
“We supply Samsung with the core technology that powers the word predictions in their keyboard,” Swift said in a blog post. “It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability.”
For more information go to //www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/