If you use a Samsung Galaxy, we have some bad news for you. On Tuesday, Swiftkey, the software company that helps with the Galaxy’s keyboard and word-prediction service, has a very serious security flaw.
The flaw is so serious, in fact, that hackers can access your camera, your microphone, your GPS, and all of your incoming and outgoing messages. They can eavesdrop on your calls and steal your photos, and basically access whatever they want.
The security firm NowSecure released information on the SwiftKey bug in a recent report, saying that the keyboard, which was preinstalled on over 600 million devices can allow a remote hacker to do all of the terrible things that I previously listed.
Plus, the SwiftKey keyboard is impossible to uninstall, so regardless of if the software is being used, the bug can still be an issue for users and an open window for hackers. This is because attackers can use the software’s automatic update requests to manipulate and infiltrate your phone.
So, you’re probably wondering what you can possibly to do protect yourself and your information. Well, NowSecure says to use a different mobile device, or, if that’s not an option, just try to avoid connecting to unsecured Wi-Fi networks.
Joe Braidwood, of SwiftKey, insisted that this flaw is “low risk” and he explained the circumstances under which vulnerability could be exploited. He pointed out, “A user must be connected to a compromised network… where a hacker with the right tools has specifically intended to gain access to their device. This access is then only possible if the user’s keyboard is conducting a language update at that specific time.”
Samsung devices that may to be vulnerable include the Galaxy S4 mini, S5, and S6 on T-Mobile, Sprint, Verizon and AT&T.
Samsung has not released a statement yet regarding which devices are definitely affected, but SwiftKey released a statement on Wednesday insisting that the flaw does not affect the company’s consumer app (the downloadable version for Android and iOS devices from the app store).
SwiftKey’s statement also says, “We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this obscure but important security issue.”