It’s been a bad day for both Samsung and Swift, the maker of the keyboard liked by lots of Android and iOS users, after it was discovered that a security flaw leaves Galaxy devices open to the execution of malicious code when the Swift Keyboard is installed. The flaw, according to the security researcher who found it, impacts over 600 million devices, and that includes the brand new Galaxy S6 and Galaxy S6 edge.
The flaw was found by NowSecure mobile security researcher Ryan Welton, and effectively enables attackers to access a device’s camera, microphone and GPS functionality while also allowing them to listen in on calls made on the device.
While Swift’s keyboard is readily available via the Google Play Store, that version does not have the same privileged access as the one that comes pre-baked into Samsung’s Galaxy smartphones, meaning Samsung’s handsets are the only ones affected by this specific problem. To make matters worse, Samsung’s choice to build Swift into its own mobile software means that it cannot be uninstalled by users, making the security flaw even more distressing for those carrying around the wrong handset. Simply disabling the keyboard itself is not an option either, as Welton mentions that the flaw will still remain in play no matter which keyboard a user actually has active at the time.
According to the researcher, the problem is that Swift downloads new languages in the background, enabling the injection of malicious code. Welton was able to do just that himself, using nothing more than a piece of software and a WiFi USB dongle.
If the flaw in the keyboard is exploited, an attacker could remotely:
- Gain access to sensors and resources like GPS, camera and microphone
- Secretly install malicious app(s) without the user knowing
- Tamper with how other apps work or how the phone works
- Eavesdrop on incoming/outgoing messages or voice calls
- Attempt to access sensitive personal information like photos and text messages
The good news here though is that Samsung is already aware of this issue and is working to get software updates out to the affected smartphones. Until that happens though, the best way to stay safe is to make sure you avoid unsecured WiFi networks while using your Samsung Galaxy phone. Beyond that, you’re probably best off simply not using it at all.
The list of impacted devices is as follows: