The SwiftKey keyboard, so popular on Android and iOS platforms, puts hundreds of millions of mobile terminals at risk, according to a company specialized in IT security.
According to it, the vulnerability exists only in mobile terminals that have the application pre-installed, that is, only in Samsung terminals, no less than 600 million units being affected by it, according to the company that discovered the exploit.
The vulnerability was discovered last year by the company NowSecure, Samsung being informed about its existence in December, and although the Koreans offered mobile operators a patch to solve it, they did not distribute it to users.
NowSecure claims that neither in the US nor in other countries around the world, mobile phone operators have not offered this patch to all Samsung terminals that are vulnerable, in total over 600 million units that can be exploited by hackers.
Over 600 million Samsung mobile device users have been affected by a significant security risk on leading Samsung models, including the recently released Galaxy S6. The risk comes from a pre-installed keyboard that allows an attacker to remotely execute code as a privileged (system) user.
According to the company, hackers can use the SwiftKey keyboard to execute unsigned code with administrator access, so a mobile terminal can be remotely controlled without restrictions by hackers and of course data can be easily retrieved from it.
The good part of the whole story is that exploitation becomes possible only if the mobile terminal is connected to an unsecured WiFi network, but considering that many users use public WiFi networks, many remain at risk.
This vulnerability reveals again how difficult it is to offer patches for vulnerabilities on the Android platform, where manufacturers are dependent on mobile phone operators to provide these solutions.
