600 Million Samsung Phones Including Galaxy S6 Vulnerable To Eavesdropping Malware

The pre-installed keyboard found on more than 600 million Samsung mobile devices has a vulnerability that could allow an attacker to remotely execute code as a privileged/system user. Ryan Welton, a researcher with mobile security firm NowSecure, discovered the flaw and gave Samsung a heads up back in December of last year.

NowSecure also felt that the vulnerability was serious enough to warrant notifying CERT, which in turn contacted Google's security team for Android. To Samsung's credit, it whipped up a patch and provided it to wireless carriers in early 2015, but it's not known if the carriers pushed it out to devices on their respective networks.


Making matters worse, it's not easy figuring out how many mobile device users are still vulnerable, considering the many different models and vast number of wireless carriers around the world. If a user does have an unpatched handset, an attacker could cause all kinds of trouble -- they'd be able to access sensors and resources like GPS, the camera, and the microphone; install malware without the user's knowledge; control how apps or the phone work; spy on incoming and outgoing text messages and phone calls; and access personal data such as pictures.

Unfortunately, Samsung's flagship Galaxy S6 isn't immune to the security bug. In fact, it's known that the Galaxy S6 on Sprint's network remains unpatched. The same goes for the Galaxy S5 on T-Mobile's network and the Galaxy S4 Mini on AT&T's network.

The insecure keyboard, which is a customized version of SwiftKey, can't be uninstalled. It also doesn't matter if users configure their phone to use an alternate keyboard -- the vulnerability can still be exploited. In light of that, it's being recommended that Samsung device owners steer clear of insecure Wi-Fi networks, contact their wireless carriers for patch information, or simply use a different device.