This website uses cookies to ensure you get the best experience on our website. OK
184 Shares 7 comments

Keyboard hack puts 600 million Samsung Galaxy devices at risk

Update: Samsung fix coming soon

Millions of Samsung Galaxy owners are at risk of having their smartphones hacked after an exploit in the devices' keyboards was discovered. Hackers are now able to use Samsung’s default keyboard app to tap into the cameras, microphones, text messages and bank account login details of Galaxy owners without their knowledge.

Highlight recent changes

Update: SwiftKey has posted an update on its blog to reaffirm that the security issue does not affect its keyboard app downloadable from Google Play and the Apple App Store.

In addition, Samsung is said to be "working on an expedited firmware update" which will be available "upon completion of all testing and approvals." No ETA was provided.

To learn how you can protect your Samsung Galaxy phone in the meantime, head to the bottom of this page so you don't miss the update when it arrives. For more information on SwiftKey's response you can visit the SwiftKey blog. Our original story continues below.

Samsung galaxy s5 vs Samsung galaxy s6 1 10
Hackers can access the Samsung camera app to spy on users. / © ANDROIDPIT

The security flaw, discovered by mobile security company NowSecure, is said to have put more than “600 million” Samsung devices at risk, including the Galaxy S4, Galaxy S5 and Galaxy S6.

Hackers can introduce harmful code into devices through the default IME keyboard (Samsung’s repackaged version of SwiftKey) by pretending to be the keyboard’s home server. Periodically, the keyboard sends a request to update, and it’s at this point that hackers can infiltrate one's handset.

In response to NowSecure's claims, a SwiftKey spokesperson said, “we’ve seen reports of a security issue related to the Samsung keyboard. We can confirm that the SwiftKey Keyboard apps available via Google Play or the Apple App Store are not affected by this vulnerability. We take reports of this manner very seriously and are currently investigating further.”

However, devices which have already been hacked now require a carrier upgrade for the vulnerability to be removed. SwiftKey can not simply be updated from the Play Store to regain security.

Samsung keyboard hack: what should you do?

To make sure you get the fix that's being issued through Samsung's KNOX software, do the following:

  • Go to your settings menu.
  • Tap "Security".
  • Scroll to "Other security settings."
  • Tap "Security policy updates."
  • Make sure "Automatic updates" is ticked.

We reached out to Samsung for comment and here is the official response: 

“Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security.

Samsung KNOX has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days.

In addition to the security policy update, we are also working with SwiftKey to address potential  risks going forward.”


Write new comment:
  • Samsung has been manufacturing phones with the name "Galaxy" since 2009.
    Scott, you give no information about which models are affected: "including the Galaxy S4, Galaxy S5 and Galaxy S6" means "and possibly all the others -- I couldn't be bothered doing the research -- so you should all freak out." This is an excellent case of FUD (Fear, Uncertainty, and Doubt).

  • Isaac Jun 19, 2015 Link to comment

    Does this affect the galaxy s6 edge also?

  • Greg1100 Jun 18, 2015 Link to comment

    From what I read elsewhere, even if you put another keyboard on phone, it may still have the problem, because the Samsung board is integral.
    I keep no banking details on my phone, so its only a few personal pics and music.
    I do however have Kaspersky anti virus software on the phone, so that may pick up any nasties.

  • Sammy fan Jun 18, 2015 Link to comment

    What about using another keyboard (Google keyboard for example) will this solve the problem? I have GS5 btw

This website uses cookies to ensure you get the best experience on our website. More info

Got it!