Security company NowSecure has discovered a potential breach related to the Swift keyboard installed on Samsung's Android devices
upto 600 million Samsung Galaxy phones could be at risk of a major security breach that could see malicious hackers take control of parts of the phones.
If security is breached, an attacker would be able to access the camera and microphone, secretly install apps, access pictures and listen in on phone calls.
More specifically, it revolves around updates provided to Samsung by SwiftKey, the British virtual keyboard company, and how Samsung applies them into the pre-installed software.
According to SwiftKey, the flaw is "low-risk".
"The vulnerability in question poses a low risk: a user must be connected to a compromised network (such as a spoofed public Wi-Fi network), where a hacker with the right tools has specifically intended to gain access to their device," the company said, although it has subsequently deleted the corresponding blogpost. "This access is then only possible if the user’s keyboard is conducting a language update at that specific time, while connected to the compromised network." Samsung said it was working with SwiftKey "to address potential risks going forward".
How to protect yourself
Here's what you can do to find out if you're at risk and limit the risk of attack.
See if your phone is at risk
The first thing is to see if your phone is at risk. NowSecure said the following could be:
Galaxy S6
Galaxy S5
Galaxy S4
Galaxy S4 Mini
However, this is not comprehensive and are only the ones NowSecure identified.
Avoid insecure Wi-Fi networks
We all love free Wi-Fi.
However, many of them are unsecured and vulnerable to hacking.
Most Wi-Fi networks that require you to log in via your network settings, rather than via a browser, are more likely to be safe. If you're accessing networks in a coffee shop or hotel, check with staff to see if it is legitimate, although this isn't a fail-safe solution.
Once you're done using the network, tell your phone to forget it so that it does not automatically log in again. Your phone may be most vulnerable when it is being rebooted, so try not to do this when connected to a public network.
Switch your phone or contact your carrier
A radical solution perhaps, but one of those proposed by NowSecure, is to use a different device. You can also contact your mobile operator to see if a patch has been developed and installed.
Thanks!
Your feedback helps us improve tutorials.
No comments:
Post a Comment