Newly Found Security Flaw Poses Threat to Millions of Samsung Phones


Samsung flagship devices have packed the company’s own keyboards all along. With somebody else providing a better keyboard experience elsewhere thanks to advanced word prediction algorithms, it only made sense for Samsung to reach out to them and incorporate that in their own keyboards. The end result? A keyboard that everyone of us is proud to use today.

Of course we all have our preferences and you may not necessarily like the Samsung keyboard on your phone. With Samsung devices running on Android, it means that users are spoilt for choice and you can as well shift to using the Swiftkey keyboard itself or the many other decent keyboard applications available on the Google Play Store. It is this built-in Samsung keyboard that was the subject of scrutiny by security researchers and found to be a weak point. A security risk.

According to researchers at NowSecure, the Samsung keyboard’s vulnerability may allow anyone with malicious intent to gain access of a Samsung device and with access to the relevant privileges like superuser/root, manipulate the device’s sensors, install malicious apps that further worsen the situation, manipulate application behaviour, access your calls, texts and even images stored on the device.

The stock keyboard on your Samsung device continually looks for updated language packs. The communication between the device and the servers happens to be unencrypted. As a result, anyone can take advantage of the situation and make things worse if they need to.

Should you be worried?

Yes and no. Yes because anything that makes your device less secure exposes you to the unknown and trust me, you don’t want to know the unknown. Yes if you live in the United States and your Samsung phone happens to be locked to your carrier’s network. This is because a fix to the vulnerability was released by Samsung at the start of the year and should have already hit your device and patched things up. However since any such updates are not pushed directly to phones locked to carrier networks as they have to test and approve the update first, it cannot be determined at the moment if all the devices that stand the risk of being exploited have received the update and things fixed. Some Verizon, T-Mobile, AT&T and Sprint devices remain unpatched, at least according to the researchers.

The Samsung keyboard is an essential system application and you just cannot uninstall it. You can do that by taking the root method and several other steps but as we’ve always known hardly anyone ever does that (yeah, root brigade is an absolute minority). Never mind that rooting provides the elevated privileges that make anyone hacking you proceed easily. Users are still vulnerable no matter the keyboard they use.

The last few generations of Samsung devices including the most recent, the Galaxy S6 and S6 Edge, are all affected.

There are no reported instances of the vulnerability being exploited so you shouldn’t be that worried if you have a Samsung device lying around.