by Bill Snyder

Attention Samsung Galaxy Users: Your phone has a big security flaw

News Analysis
Jun 19, 2015
Malware, Mobile, Mobile Security

Samsung readies fix for a security flaw that may have compromised as many as 600 million phones, including the Galaxy.

As many as 600 million Samsung phones may have a security flaw that could allow hackers to monitor the camera and microphone, read incoming and outgoing text messages, and install malicious apps. Fortunately, Samsung says it will release a fix in a few days.

Until your phone has been updated, if you are using a Samsung Galaxy S6, S5 or S4, and probably other Android phones made by the same company, avoid using unsecured Wi-Fi networks, such as the kind you’ll find at a Starbucks or other retail location.

The fix will be automatically downloaded to your phone if you’ve enabled auto downloading. To ensure your device receives the latest security updates, Samsung says go to Settings > Lock Screen and Security > Other Security Settings > Security policy updates, and make sure the Automatic Updates option is activated. At the same screen, click on “Check for updates” to manually retrieve any new security policy updates.

Seen first at Black Hat

The exploit was demonstrated Tuesday at the Black Hat security conference in London by Ryan Welton, a researcher with security firm NowSecure. (Ars Technica was the first to report this.) Samsung says there have been no reports thus far of Galaxy devices being compromised, and that the hack could only occur under a fairly narrow set of conditions. But the potential for a hack is real, the company says.

The hole is related to the SwiftKey keyboard, which is installed on millions of Samsung phones, and is a potential threat even if the user has not activated that keyboard. The keyboard's update code checks for new language packs over an unencrypted, plain-text connection. Welton says he can spoof a proxy server for the keyboard, which allows access to many functions on the smartphone.
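The weakness described above is a general one: an update check made over plain text can be answered by anyone sitting on the path, which is exactly the position an attacker on open Wi-Fi occupies. The following is an added illustration of how an updater defends against that, written for this article rather than taken from Samsung or SwiftKey. The endpoint URL, the key, the manifest format and the sample language pack are all constructed, and an HMAC tag stands in for the public-key signature a real updater would verify, so that the example runs with the Python standard library alone.

```python
import hashlib
import hmac
import json
from urllib.parse import urlparse

# Constructed sample key: stands in for a device-provisioned verification key.
# A real updater would verify a public-key signature over the manifest; HMAC is
# used here only so the example runs offline with the standard library.
MANIFEST_KEY = b"example-provisioning-key-not-real"


class UpdateRejected(Exception):
    """Raised when an update source or payload fails a security check."""


def require_https(url: str) -> str:
    """Reject any update endpoint that is not HTTPS.

    A plain-text (http://) check-in is what lets an on-path party on an open
    Wi-Fi network substitute its own response; insisting on TLS with certificate
    verification removes that option at the transport layer.
    """
    parts = urlparse(url)
    if parts.scheme != "https" or not parts.netloc:
        raise UpdateRejected(f"refusing non-HTTPS update endpoint: {url!r}")
    return url


def verify_manifest(manifest_bytes: bytes, tag_hex: str) -> dict:
    """Authenticate the manifest before trusting anything it says."""
    expected = hmac.new(MANIFEST_KEY, manifest_bytes, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag_hex):
        raise UpdateRejected("manifest authentication failed")
    manifest = json.loads(manifest_bytes)
    # Even an authenticated manifest must not point at plain-text pack downloads.
    for entry in manifest["packs"]:
        require_https(entry["url"])
    return manifest


def verify_pack(pack_bytes: bytes, entry: dict) -> bool:
    """Check a downloaded pack against the digest in the authenticated manifest."""
    digest = hashlib.sha256(pack_bytes).hexdigest()
    if not hmac.compare_digest(digest, entry["sha256"]):
        raise UpdateRejected(f"digest mismatch for {entry['name']}")
    return True


def sign_manifest(manifest: dict) -> tuple:
    """Server-side helper (constructed for the demo): serialise and tag a manifest."""
    raw = json.dumps(manifest, sort_keys=True).encode()
    return raw, hmac.new(MANIFEST_KEY, raw, hashlib.sha256).hexdigest()


# Constructed sample data: one language pack and a manifest describing it.
SAMPLE_PACK = b"constructed language pack bytes"
SAMPLE_MANIFEST = {
    "packs": [
        {
            "name": "en_US",
            "url": "https://updates.example.invalid/packs/en_US.zip",
            "sha256": hashlib.sha256(SAMPLE_PACK).hexdigest(),
        }
    ]
}


def run_demo() -> dict:
    """Exercise the checks and report which scenarios are accepted or rejected."""
    results = {}
    raw, tag = sign_manifest(SAMPLE_MANIFEST)

    # 1. Authenticated manifest and matching pack: accepted.
    manifest = verify_manifest(raw, tag)
    results["genuine"] = verify_pack(SAMPLE_PACK, manifest["packs"][0])

    # 2. Plain-text endpoint: rejected before any download happens.
    try:
        require_https("http://updates.example.invalid/packs/en_US.zip")
        results["plaintext_url"] = "accepted"
    except UpdateRejected:
        results["plaintext_url"] = "rejected"

    # 3. Manifest altered in transit (pack URL swapped): the tag no longer matches.
    tampered = raw.replace(b"en_US.zip", b"en_US_other.zip")
    try:
        verify_manifest(tampered, tag)
        results["tampered_manifest"] = "accepted"
    except UpdateRejected:
        results["tampered_manifest"] = "rejected"

    # 4. Pack bytes substituted after download: the digest check fails.
    try:
        verify_pack(b"some other bytes", manifest["packs"][0])
        results["substituted_pack"] = "accepted"
    except UpdateRejected:
        results["substituted_pack"] = "rejected"

    return results


if __name__ == "__main__":
    for scenario, outcome in run_demo().items():
        print(f"{scenario}: {outcome}")
```

The point of the layered check is that transport security and content authentication cover different failures: HTTPS stops an on-path party from answering the check-in at all, while the authenticated manifest and per-pack digest mean that even a compromised mirror or a substituted download cannot get executable content onto the device.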

The security researcher says he has confirmed that the vulnerability is active on the Samsung Galaxy S6 on Verizon and Sprint networks, the Galaxy S5 on T-Mobile, and the Galaxy S4 Mini on AT&T. Whether your Samsung phone is on one of those networks or not, you should take the steps I’ve mentioned to be sure your device is secure.