South Korean tech giant Samsung has responded to claims from mobile security company NowSecure that 600 million of their phones could be hacked through its pre-installed keyboard by saying that no such hacks have been reported to date. However, Samsung did not dispute the possibility itself and promised a number of updates in the next few days to cover any possible security flaws.
The company has assured the customers that the probability of a successful hack through the said method is very low and requires a specific set of circumstances to be in place.
NowSecure claims that more than 600 million Samsung phones might be affected from a security flaw which comes from the phone’s virtual keyboard, which would allow a hacker to execute code on the device from a remote location with the credentials of a privileged user.
According to the tech security firm, a successful hack could provide a potential attacker with access to the phone’s GPS, camera or microphone. It could also let him install malicious apps and viruses without the user ever knowing and even listen to voice calls and read messages. There is also the possibility of accessing personal data such as photos or videos.
The list of models vulnerable to the hack includes the Galaxy S4 and S4 Mini, Galaxy S5 and Galaxy S6, with the possibility of other models being affected as well. The keyboard app can not be uninstalled, but some mobile carriers may have patched the problems themselves. NowSecure strongly recommends users of said models to avoid connecting to insecure wi-fi networks.
NowSecure have apparently informed Samsung about the problem as early as December 2014, but went public with the story after the patch the South Korean company provided in early 2015 was deemed unsatisfactory. It is unknown whether most mobile carriers actually applied the patch through their networks.
In other news, Samsung users have also reported issues with the recently released Galaxy S6 and S6 Edge, with some of the phone’s quick setting strangely disappearing. The company has provided quite an unusual solution to this problem: it gave users a free app on the Galaxy Apps store.
The app, named QuickPanel Restore, requires only installing, after which all of your quick setting should start showing as normal. This is the first time the company provides a software patch through the app store rather than through an OS update, probably considering that this was a faster way to make it available for everyone. It remains to be seen whether the security updates will be delivered in a similar manner.
Image Source: samsung.com