Specialists working at the Chicago-based security company NowSecure have recently identified a new vulnerability in SwitfKey, which is a third-party keyboard application. The application itself is pre-installed on more than 600 million Samsung devices, which means that hackers can access a great number of devices and even take over a user’s network traffic to execute the arbitrary code. Specialists claim that this exploit affects not all Samsung devices. According to them, Samsung Galaxy S6, the S6 Edge, and Galaxy S4 Mini are the main devices that are at risk. Of course, there is also a possibility that this exploit might work on different Samsung Galaxy phones because this keyboard application is installed on them. Unfortunately, it seems that there is not much to do for those users who want to protect their devices because Switfkey cannot be disabled or uninstalled. In addition, it can still be exploited even if a user decides not to use it as a default keyboard. This makes the pre-installed Switfkey different from the one that is available at Play store.
The Switfkey vulnerability gets so much attention from specialists because Swift keyboard software runs in a privileged context on the device. It means that a hacker can cause serious harm to the phone if he/she exploits the vulnerability. According to the security specialists, there is a possibility that hackers will be able to look through the device’s camera, access microphone and GPS, read incoming and outgoing texts, install malicious applications, steal photos and text messages, and even change the settings of other applications and their behavior. As can be seen, Switfkey flaw is very serious and it is not even surprising that specialists pay much attention to it and seek to find the way to fix it. Unfortunately, there is little that owners of the devices can do in the meantime.
It has been found out that Swift keyboard asks a server whether it needs updating periodically. Shortly speaking, hackers can take over that request and pretend to be the server. Then, they can simply send malicious code to the phone. As has been mentioned above, the software itself cannot be disabled, so the only thing that users can do is to stay away from various unsecured Wi-Fi networks (e.g. a public Wi-Fi hotspot) and use a different device. Users should definitely do that at least until the vulnerability will be fixed.
In fact, there are specialists who say that this vulnerability poses a rather low risk. It is because a user must be connected to an unsecure network and the hacker must be specifically aimed at the device. On top of that, the keyboard has to conduct an update at that specific time. Even though it might seem that Switfkey vulnerability will not affect your device, security specialists still recommend being very cautious all the time. In fact, you should be extremely cautious if your carrier is Sprint or T-Mobile.
Samsung itself has started providing a patch to fix the Swiftkey vulnerability in 2015; however, it is still unknown whether carriers have already provided the patch for devices. Specialists also say that it might be really difficult to find out the exact number of mobile devices that are vulnerable and indicate their network operators. Therefore, it might take some more time to fix this exploit.
Do not worry; you will be able to use your Samsung device freely again after the vulnerability is fixed. Samsung and Swiftkey are working together very hard to find a way to avoid similar risks in the future.