NowSecure has reported a critical vulnerability in the popular keyboard app Swift key. This vulnerability allows the attacker to remotely execute code on the user’s device.
This keyboard app comes pre-loaded on Samsung Galaxy series phones. Bad thing is that users cannot uninstall this app from their devices. Samsung mobile users should consider this seriously.
Ryan Welton from NowSecure reported that Swift Key app can be tricked to download language pack updates over unencrypted connection in plain text. In this process, malicious code can be injected to control the smartphone. This attack can expose everything including phone’s data and messages without leaving any hint to user.
NowSecure informed Samsung about this vulnerability back in November 2014. Samsung handed over this to its security team to patch this as soon as possible. Samsung started providing patch to mobile network operators in early 2015. But we cannot confirm how many network providers pushed the patch. There may be millions of devices still vulnerable. Computer Emergency Response Teams (CERT) was also notified about the security flaw
This vulnerability only affects the Swift key app which comes pre-installed in Samsung’s phone. App available on different app stores is safe.
Watch this video
