CHICAGO—All Samsung Galaxy devices have a security flaw that opens the door to hackers, a new study finds.
The vulnerability lives in the phones' keyboard software, which can't be deleted. The flaw potentially allows hackers to spy on anyone using a Samsung Galaxy phone on public or insecure Wi-Fi, and potentially on cell phone networks.
Researchers at NowSecure, a cybersecurity firm, say they told Samsung about the vulnerability in November, CNN Money reported. “Seven months later, nothing has been fixed. That's why NowSecure made its findings public,” the news outlet quoted the company as saying.
NowSecure CEO Andrew Hoog told CNN Money that the vulnerability rates 8.3 on a 1-10 scale. NowSecure said it tested several Galaxy models on many different cell phone carriers. All were vulnerable. NowSecure estimates 600 million devices are affected.
The problem involves the word prediction software used by Samsung devices. The software is made by British tech firm SwiftKey, and Samsung installs it on devices at the factory.
Last year, NowSecure researchers discovered that the SwiftKey keyboard can be tricked into accepting a malicious file when the software updates, CNN Money reported. Because of the way the keyboard is installed, the malicious file can access some of the deepest, core parts of the phone's computer system, allowing hackers to do pretty much anything to a person’s phone.
