Samsung Keyboard Bug Leaves Your Private Data Exposed to Hackers

If you are using the Samsung Android keyboard on your phone, you might consider changing that. A recent vulnerability on the keyboard that is active on over 600m devices worldwide could allow a hacker take full charge of your tablet or smartphone.

The Achilles is the daily or weekly trending phrase update. The keyboard connects to the web frequently to download the latest trending phrases and language updates that will make typing faster and more natural.

Since the keyboard has the Samsung’s private key signature and runs on the most powerful privilege mode, system user, anyone manipulating this bug will have more control over your phone than you do unless you have rooted your phone.

Even though Ryan Welton of NowSecure discovered the bug over 6 months ago, We aren’t sure if Samsung has done anything about it yet. However, the fact that they requested NowSecure and Android Security to keep the bug secret as they develop a patch means a lot.

We can’t really tell if your current Samsung phone is running on a patched keyboard or not.

Since you cannot uninstall or disable the buggy app, your only hope is to assume that Samsung rolled out the patch in your latest firmware upgrade or assume that no hacker would be interested in using your Samsung phone.

The extent of the hack…

Once a hacker infects your Samsung phone during the automated language updates, he or she will have complete control over a variety of functionality. The hacker can track you using the phone’s GP, listen in using your microphone or record using your camera. The most disturbing aspect of the bug is it lets your attacker access everything that is stored within your phone.

There is little you can do to stay safe

Since the Samsung keyboard runs in the background even when disabled, there is very little you could do to stay safe.

  • You could root your phone and use the root privileges to uninstall the app
  • Keep of Wi-Fi networks you don’t trust as these are the simplest attack launch platforms

Most of the Samsung devices are victim to this bug. The most notable are the latest Galaxy S models, including your S6, S5 and S4.

 

Add Comment

This blog is kept spam free by WP-SpamFree.