Samsung Keyboard Security Flaw Puts Millions Of Devices At Risk
Over 600 million Samsung mobile device users have been affected by a significant security risk on leading Samsung models, including the recently released Galaxy S6. According to a report published by security specialist NowSecure, the risk comes from a pre-installed keyboard that allows an attacker capable of controlling a user’s network traffic to manipulate the keyboard update mechanism on Samsung phones and execute code as a privileged (system) user on the target’s phone.
The SwiftKey keyboard comes pre-installed on Samsung devices and cannot be disabled or uninstalled. Even when it is not set as the default keyboard, the flaw can still be exploited.
If the flaw in the keyboard is exploited, an attacker could remotely access sensors and resources such as GPS, the camera and the microphone. Malicious apps could be installed without the user's knowledge, and sensitive personal data such as pictures and text messages could be accessed. Attackers could also tamper with how other apps or the phone itself work, or even eavesdrop on incoming and outgoing messages or voice calls.
NowSecure says it notified Samsung about the flaw in December 2014. Given the magnitude of the issue, NowSecure also notified CERT, which assigned CVE-2015-2865, and informed the Google Android security team.
Samsung said it would upgrade the Knox security software in a few days to eliminate the security risks.
It is not easy for users to tell whether their device has been patched. NowSecure recommends that users avoid connecting to insecure Wi-Fi networks, contact their service provider for patch details, or temporarily switch to a different mobile device.
Standalone SwiftKey apps on Google Play and the Apple App Store are not affected by this flaw. A SwiftKey statement says: "We supply Samsung with the core technology that powers the word predictions in their keyboard. It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability. We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this important security issue."