A major security flaw has plagued Samsung Galaxy devices recently, which eventually pushed mobile security organizations to raise a red flag as it will likely affect 600 million Samsung users worldwide, Security Watch reported on Tuesday.
The flaw has originated from a pre-installed keyboard, which reportedly allows hackers posing as privileged system users to do a remote execution of malicious codes in the Samsung Galaxy S4, S5 and the recent Samsung flagship smartphone, the Galaxy S6. The reported security flaw was discovered by Ryan Welston, a mobile security researcher from NowSecure, according to Security Watch.
Time reports that Samsung's virtual keyboard with a word-prediction technology developed by Swiftkey might have been compromised since Swiftkey does not encrypt the updated files it receives. Thus, it makes Samsung Galaxy users vulnerable to hackers.
NowSecure explains that once hackers control the smartphone's system, they can manipulate the phone's sensors and resources like camera, microphone and GPS. Aside from these, the hackers can also install third-party applications that may eventually invade the phone owner's privacy or tamper the security and personal information stored in the smartphone.
In response to this serious security flaw, Samsung announced that it will immediately roll out a security fix to resolve the problem for affected Samsung devices, a report from BGR said. According to the same website, Samsung Galaxy users will have to "agree" to receive the security update. The reported security fix update can be manually or automatically retrieved by modifying the Security Settings in the smartphone.
"While Samsung began providing a patch to mobile network operators in early 2015, it is unknown if the carriers have provided the patch to the devices on their network. In addition, it is difficult to determine how many mobile device users remain vulnerable, given the devices' models and number of network operators globally," says NowSecure regarding the security issue, as quoted in the Security Watch report.
Samsung claims that there were no reported cases of hacks or security issues since June 16, but it vowed that a security fix will be rolled out soon.
