Samsung Galaxy phones prone to hacking
Over 600 million Samsung Galaxy devices that have been produced — from the S3 to the latest S6 — have a significant flaw that lets in hackers, researchers have discovered.
The vulnerability lives in the phones’ keyboard software, which can’t be deleted. The flaw potentially allows hackers to spy on anyone using a Samsung Galaxy phone.
You can be exposed by using public or insecure Wi-Fi. But some researchers think users are exposed even on cell phone networks.
Researchers at NowSecure, a cybersecurity firm, say they told Samsung (SSNLF) about the vulnerability in November. Seven months later, nothing has been fixed. That’s why NowSecure made its findings public on Tuesday.
How serious is this problem? NowSecure CEO Andrew Hoog said that on a well-established system that ranks cybersecurity problems from 1 to 10, this vulnerability stood at 8.3.
NowSecure said it tested several Galaxy models on many different cell phone carriers. All were vulnerable. Assuming every Galaxy out there is the same, NowSecure estimates 600 million devices are affected.
Researchers say nearly every Samsung Galaxy phone — going back to the S3 in 2012 — is vulnerable to hackers.
The problem involves the word prediction software used by Samsung devices. It’s made by British tech firm SwiftKey, which Samsung installs in devices at the factory.
Last year, NowSecure researchers discovered that the SwiftKey keyboard can be tricked into accepting a malicious file when the software updates. Because of the way the keyboard is installed, that virus can access some of the deepest, core parts of the phone’s computer system.
With that level of access, a hacker can then do pretty much anything to your phone.
This hack isn’t easy. But it’s a tactic for cyberattackers on a mission with lots of money and access to Wi-Fi or cell networks. One possible target? Company executives traveling to countries, such as China, where the government routinely spies on visitors to steal their business plans.
It also exposes high-level U.S. government officials.
Samsung just earned the NSA’s blessing for its Galaxy devices, which were approved for use by government employees. And the latest hack of federal employees — allegedly by the Chinese government — shows they are valuable targets.
Neither Samsung nor SwiftKey has claimed responsibility for inserting the flawed computer code. In a public statement, SwiftKey said it only found out about the flaw on Tuesday. SwiftKey said “the way this technology was integrated on Samsung devices introduced the security vulnerability.”
To calm down worried users, the British firm argued that this hack isn’t easy to pull off. It involves particular timing. A hacker can only sneak into a device when the keyboard software is applying a software update.
In a statement to reporters, Samsung said it “takes emerging security threats very seriously… and [is] committed to providing the latest in mobile security.”
The company also said it’s about to patch the issue through its Samsung KNOX service. “Updates will begin rolling out in a few days,” the company said, although it’s unclear whether all devices will receive the fix.
NowSecure said it notified Samsung in November and that, as evidence of how slow this system is, Samsung asked on December 31 for a year to fix it.
In its defense, Samsung said cybersecurity researchers at NowSecure didn’t fully explain the problem in November.
“We learned about the full extent this past week,” Samsung told CNNMoney.
NowSecure advised Samsung Galaxy users to avoid insecure Wi-Fi, ditch their phones, and call their cell phone carriers to pressure them into a quick fix.