More than 600 million Samsung mobile devices—including those of Galaxy S6—have been exposed to a security risk. The shortcoming was demonstrated at Black Hat security conference in London by Ryan Welton, a researcher with security firm NowSecure.
The security drawback arises from SwiftKey keyboard pre-installed on a number of Samsung devices. The keyboard cannot be disabled or uninstalled and so allows hackers easy access to the devices.
The flaw allows a hacker to access sensors and resources such as GPS, camera and microphone, secretly install malicious app(s) without the user knowing anything, tamper with other apps work or the phone itself, listen on incoming/outgoing messages or voice calls and attempt to access sensitive personal data.
Hackers can also use the vulnerability when Swift keyboard is not used as the default one.
According to NowSecure, it told the Korean tech-giant about the vulnerability in November 2014. However, it is unclear if carriers have passed the fix to all users. Also, Samsung had reportedly asked NowSecure to wait for a period of three months before going public.
Galaxy S6, Galaxy S5, Galaxy S4 and Galaxy S4 Mini are among the list of affected handsets.