A cybersecurity firm has disclosed that the flagship smartphones of Samsung from the Galaxy S3 to the latest Galaxy S6 are vulnerable to hackers.
In a thorough research by NowSecure, it found out that the prediction software used by the flagship smartphones of the Korean tech giant can be tricked to accept a malicious file when the software updates.
Because of the way the keyboard on the smartphone is installed, the virus can actually gain access to some of the deepest and core parts of the phone’s computer system, reports CNN Money.
With such a key level of access to one’s smartphone, a hacker can actually do a lot of things to the handset and to the user too, including spy on him without being detected at all.
Vulnerability is in the keyboard software
According to NowSecure, the vulnerability of the Samsung flagship smartphones to cyberattackers primarily lies on the keyboard software which cannot be deleted.
Samsung uses the SwiftKey keyboard software in its flagship smartphones. The software is made by a British tech firm but it is Samsung that installs them on the handsets at its factory.
Users of Samsung flagship smartphones can actually be exposed to the hacking by using public or unsecure Wi-Fi although according to some of the researchers at NowSecure, they can also be exposed even on carriers or mobile phone networks.
NowSecure disclosed that it has already raised the concern to Samsung as early as seven months ago or back in November but apparently, the Korean tech giant has done nothing to address it so the cybersecurity firm decided to make its findings public in the interest of protecting the consumers or users of Samsung flagship smartphones, numbering about 600 million all over the world.
According to Andrew Hoog, CEO of NowSecure, the vulnerability rating for the prediction software of Samsung’s flagship smartphones is at 8.3 from a scale of 1 to 10, with 10 being the riskiest.
Hoog also added that they have decided to make the security flaw public because of mounting pressure. He said that NowSecure has already advised companies for half a year but they are unable to tell them that their employees and managers are at serious risk of being spied upon by hackers.
He said that they needed to tell them about the risk because it would be naïve to think that other entities would not be capable of finding and subsequently executing it.
Not easy to pull off
Both Samsung and SwiftKey stated that it was neither of them who inserted the flawed computer code on the flagship smartphones of the Korean tech giant.
In a public statement following the disclosure of NowSecure, SwiftKey said that it has only found out about the flaw when the cybersecurity firm pointed it out. It explained that the security vulnerability came about with the way the technology was integrated on Samsung devices.