Samsung certainly has a lot on it’s plate, especially with the keyboard hack that’s affecting it’s Galaxy line. With almost 600 million Samsung customers at risk, the company needs to think of a quick solution before they lose them.
The models affected ranged from the S3 to even the S6. And according to the company that designed the keyboard, SwiftKey, they aren’t to blame. Instead, they point the finger at Samsung for several reasons. In a statement published on their site, they said, “We supply Samsung with the core technology that powers the word predictions in their keyboard. It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability. We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this important security issue.”
Now, how do hackers get the information? The way it has been explained, the user has to be connected to a compromised wireless network. With the right tools, the hacker can easily access your device, but there’s a catch. In order to gain access to the device, the user’s keyboard has to be conducting a language update on their keyboard. The video linked here was posted on the Washington Post where Watch researcher Ryan Welton presents a demonstration of the hack.
However, it seems that this vulnerability has existed for awhile. CNN mentions that, “Last year, NowSecure researchers discovered that the SwiftKey keyboard can be tricked to accept a malicious file when the software updates.” And upon knowing that, they informed Samsung of the problem. After nothing was done for seven months, they went public with their findings.
CNN also outlines some of the risks included with this hack. They reported that it “exposes high-level U.S. government officials. Samsung just earned the NSA’s blessing for its Galaxy devices, which were approved for use by government employees. And the latest hack of federal employees — allegedly by the Chinese government — shows they are valuable targets.”
Meanwhile, Samsung has yet to comment publicly on the issue. It’s only a matter of time before they figure out how to correct this. What are your thoughts on this? Anyone see any weird activity on their Samsung devices?