Update: Samsung has sent TechRadar a statement acknowledging it's working on a fix for this security flaw, while also highlighting that Galaxy S4 handsets and above are already safe thanks to its Knox software.
"Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security.
"It is important to note that the phone's core functions (kernel) were not affected by the reported issue due to the protection of the Samsung KNOX platform in all S4 models and above.
"Samsung KNOX also has the capability to update the security policy of the phones, over-the-air, to invalidate any remaining potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days.
"In addition to the Security Policy update, we are also working with SwiftKey to address potential risks going forward."
Original article
Samsung's default keyboard on its smartphones has a vulnerability which can be exploited by hackers to snoop around your phone.
Researches from NowSecure found hackers could potentially access the phone's camera, read text messages, install apps and use the microphone to listen to what you're up to.
It all sounds a bit creepy, and it's down to a flaw in the Samsung IME keyboard, which is installed on every Galaxy smartphone - the main component of which is supplied by third party keyboard maker SwiftKey.
Samsung only
Swiftkey has issued a statement, which reads: "This vulnerability is unrelated to and does not affect our SwiftKey consumer apps on Google Play and the Apple App Store.
"We supply Samsung with the core technology that powers the word predictions in their keyboard. It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability.
"We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this important security issue."
While some are claiming this is an easy flaw to exploit, Swiftkey doesn't agree and advises Samsung owners to stay off unknown Wi-Fi networks for now.
"The vulnerability in question is not easy to exploit: a user must be connected to a compromised network (such as a spoofed public Wi-Fi network), where a hacker with the right tools has specifically intended to gain access to their device.
"This access is then only possible if the user's keyboard is conducting a language update at that specific time, while connected to the compromised network."
We have contacted Samsung for more information on the issue, any we will update this article once we receive a response.
Via Independent
