A Samsung Galaxy keyboard app is now a huge security flaw

Android's fragmentation has left many devices vulnerable.

Mar 1, 2020, 1:20 am*

Mike Wehner

If you’re a Samsung fan who has updated their smartphone recently, you might be at risk of a whole suite of issues thanks to an oversight relating to the keyboard software on newer model Galaxy smartphones. The vulnerability, discovered by security guru Ryan Welton at NowSecure, could leave you open to attack.

According to NowSecure, the vulnerability stems from the fact that a pre-installed keyboard that comes on many Galaxy phones checks for updates using an unencrypted connection. Because of this, a remote user can gain access to crucial system features.

Using the keyboard flaw like a window into the inner workings of a user’s phone, a remote user could install malicious apps, tweak settings, listen in on phone calls, and control phone functions. In short, it’s every smartphone owner’s worst nightmare.

Samsung was initially warned of the issue in late 2014, and while the company has rolled out at least one update to address it, the fragmented nature of Android and the slow carrier update process have left many devices unpatched.

NowSecure has put together a list of which devices are affected by the flaw, as well as whether a patch has been rolled out to fix each of the phones in question. 

H/T ZDNet | Image via Tsahi Levent-Levi/Flickr (CC BY SA 2.0)

*First Published: Jun 17, 2015, 10:00 am