Skip to main content

600 million Samsung phones at risk from SwiftKey security flaw

As many as 600 million Samsung smartphones could be a risk from a serious security vulnerability, according to the latest reports.

Researchers at NowSecure claim that the SwiftKey typing software that is bundled with many handsets could enable attackers to hijack phones remotely.

Read more: Should Apple be worried? Samsung crushing Apple in the smartphone wars

Because SwiftKey has system-level access and installs updates in plain text, it could potentially be infiltrated and used to access sensors, install malicious applications, or steal sensitive information. Ryan Welton, the security researcher who discovered the flaw informed Samsung in December of last year, but it is difficult to say if the South Korean firm’s attempts to rectify the issue have been successful.

“While Samsung began providing a patch to mobile network operators in early 2015, it is unknown if the carriers have provided the patch to the devices on their network,” explains NowSecure. “In addition, it is difficult to determine how many mobile device users remain vulnerable, given the devices models and number of network operators globally.”

According to tests run by the security company, the Samsung Galaxy S6, the Galaxy S5 and the S4 Mini remain unpatched across Verizon, Sprint, T-Mobile and AT&T networks. Other devices are also believed to be vulnerable meaning an estimated 600 million smartphones are at risk.

The problem for Samsung users is that there’s very little that they can do to secure their devices as SwiftKey is pre-installed and can’t be uninstalled unless they root their handset, which would void their warranty.

Although Samsung has not commented directly on the problem, SwiftKey has issued a statement in which it reassures users that all attempts are being made to resolve the situation.

"The vulnerability in question poses a low risk: a user must be connected to a compromised network (such as a spoofed public Wi-Fi network), where a hacker with the right tools has specifically intended to gain access to their device,” a SwiftKey spokesperson explained. “This access is then only possible if the user’s keyboard is conducting a language update at that specific time, while connected to the compromised network."

Read more: Samsung paid £160 million for mobile payments service LoopPay

UPDATE: Samsung has issued a comment saying: “Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security. Samsung Knox has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue.

"The security policy updates will begin rolling out in a few days. In addition to the security policy update, we are also working with Swiftkey to address potential risks going forward."