The emergence of a new security flaw affecting up to 600 million Samsung Galaxy smartphones, has made the latest news on the topic of security risks. On the account of a report published by security research firm NowSecure, the company that identified and reported the security flaw, hackers can gain considerable access to phones and can read text messages, tap phone calls and voice-mail, and view private photos and documents.
The vulnerability lies within the predictive-text application, Swiftkey, which comes pre-installed in many of the Samsung Galaxy models. As a result of the application, users can get updates in plain text which allows hackers to exploit the Swiftkey update program by covertly placing malicious software. Users could think they are receiving an update, when in fact, they are downloading viruses and other malware to their mobile device.
Samsung has responded to the vulnerabilities in its phone by issuing the following statement:
“Samsung Knox has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days. In addition to the security policy update, we are also working with Swiftkey to address potential risks going forward.”
This is not the first time Samsung users have witnessed a security flaw in their phones. Last year, a vulnerability in Samsung Galaxy’s S4 and other devices in the Knox security software exposed the users to immense threat of hackers accessing e-mails and other data.
Users, therefore, once again find themselves disappointed with their favorite smartphone brand as the threat of data hacks looms over their heads. Here, we present the top things you need to know, straight from the security risk report.
Your phone may be at risk
It is essential for users to know if their phone is one of the 600 million phones under risk of phone hacking. NowSecure has released a list of phones which it considers to be impacted by the vulnerability. The phones include the Samsung Galaxy S4 mini, S4, S5, and the recently launched S6. The Samsung flagship models since the S4, on the other hand, are unaffected owing to the KNOX security platform protection.
The report also highlights many of the mobile networks as well for being possible sources of risk; these include: Verizon, AT&T, T-Mobile, and Sprint. NowSecure cannot confirm whether more Samsung Galaxy models will be affected in the future, but as of June 16, 2015, this is the list.
Swiftkey cannot be uninstalled
The security flaw in Swiftkey presents many opportunities for hackers to gain access to your personal files and folders in your phone. They could gain access to pictures and videos, and also the phone’s camera, GPS, and microphone.
Many would assume that the end to all the worries simply lies in uninstalling the application – not so! The report released from NowSecure highlights that the problematic keyboard app cannot be removed from the phone.
Avoid unsecured Wi-Fi networks
While it may seem that there is nothing that can be done to avert the risk of phone hacking, there are many steps that users can take to prevent it. One of these is avoiding unsecured Wi-Fi networks.
It is true that using Wi-Fi whilst outdoors or travelling is fun and convenient. However, unsecured networks could pose the greatest risk of data hacking. Password-protected Wi-Fi networks or networks that do not require logging in via a browser, on the other hand, are relatively safer. Although, it is still better and advised to avoid Wi-Fi use altogether.
Change your phone
The simplest way to avoid any threat of data breach is to change your phone. If you feel that you cannot stop using Wi-Fi due to travelling needs or other reasons, then keeping another smartphone is better.
Contact your carrier for patch information
Users who have the aforementioned Samsung Galaxy phones need to be on the lookout for the latest security patch. They need to contact their network and request how soon they will release a patch to fix the problem. Samsung has already announced that it will begin rolling its security policy updates in the coming days.