This is bad news for the 600 million Samsung unit owners all over the world.
Ryan Welton from NowSecure detailed his findings at the Blackhat Security Summit in London.
According to Welton, the exploit arises out of the pre-installed SwiftKey keyboard.
SwiftKey updates its language packs as and when they become available.
Welton says that he discovered the bug late last year and alerted Samsung and Google's Android security team.
We take reports of this manner very seriously and are currently investigating further.
As SwiftKey is a native App and a default keyboard, there is no way to uninstall it.
Even if the keyboard isn't being used, it still makes the phone vulnerable.
Update: Looks like SwiftKey is not at fault on this one but Samsung is, because they crazily gave the keyboard system-level permissions.
As NowSecure says: "It's unfortunate but typical for OEMs and carriers to preinstall third-party applications to a gadget.
In some cases these applications are run from a privileged context.
This is the case with the Swift (sic) keyboard on Samsung…"
source: www.techworm.net