During the Black Hat London presentation “Abusing Android Apps and Gaining Remote Code Execution,” NowSecure mobile security researcher Ryan Welton dramatically revealed that over 600 million Samsung mobile devices are vulnerable to an attack that is “highly reliable, completely silent, and affects all devices.”If you have a Samsung Galaxy phone, then you have the default Swift keyboard installed. This keyboard cannot be uninstalled or disabled. Even if you use another keyboard, the default Swift can still be exploited. That puts you at risk due to a significant security flaw in the keyboard.

Vulnerable Updates

The vulnerability is in the update mechanism for a Samsung-customized version of SwiftKey. When downloading updates, the Samsung devices don’t encrypt the executable file, making it possible for attackers in a position to modify upstream traffic—such as those on the same Wi-Fi network—to replace the legitimate file with a malicious payload, which Welton proceeded to demonstrate at the presentation.

If this flaw in the keyboard update is exploited, an attacker has a variety of choices of what to do with your phone. To start, they could turn the phone into a bugging/tracking device by accessing the GPS, camera and microphone and listen in on messages or voice calls.

They could install malicious apps without you knowing, and tamper with how other apps work or how the phone works. And, of course, they could access sensitive personal data like pictures and text messages. That seems almost tame in comparison to the rest of what they could do.

Welton has confirmed the vulnerability is active on the Samsung Galaxy S6 on Verizon and Sprint networks, the Galaxy S5 on T-Mobile, and the Galaxy S4 Mini on AT&T, and has reported the bug to Samsung, Google, and the CERT Coordination Center, which designated the vulnerability CVE-2015-2865.

Patch Needed

However, until Samsung releases a patch, there is precious little you can do to protect yourself. If you believe your phone is affected by this security issue, you should avoid unsecured wi-fi connections, and contact your carrier to see when it will be patched. Unfortunately, carriers have a history of failing to offer desperately needed security updates within a reasonable time frame. Depending on the nature of the information you use, you may need to switch to a new phone.

If you want to read more on this, check out NowSecure’s own post, which goes into exhaustive detail on the security hole.

WinMagic – Your Trusted Source for Security Solutions

Are you looking for ways to safeguard your company’s most valuable asset? Contact WinMagic today at 1-888-879-5879. WinMagic has been helping customers secure data through encryption since 1997. Our products have won several awards, and we have five million clients in over 80 countries. Find out how our data encryption solutions can work for you and your business by speaking with a customer service representative.


Leave a Comment


Angel Massey-Singh

About Angel Massey-Singh /

Angel is a marketer, a mom and maniacal about monkeys. She was the Vice President of Marketing at WinMagic.
Angel Massey-Singh