Ryan Welton, security researcher from security firm NowSecure, had demonstrated the exploit at the recent Black Hat Security Conference held in London. The security vulnerability arises from SwiftKey keyboard that comes pre-installed on a number of Samsung devices. The keyboard which cannot be disabled or uninstalled allows hackers easy access to users' devices.
The vulnerability is in the update mechanism for a Samsung-customized version of SwiftKey, available on the Samsung Galaxy S6, S5, and several other Galaxy models. When downloading updates, the Samsung devices don't encrypt the executable file, making it possible for attackers in a position to modify upstream traffic, such as those on the same Wi-Fi network, to replace the legitimate file with a malicious payload.
- Access sensors and resources like GPS, camera and microphone.
- Secretly install malicious app(s) without the user knowing.
- Tamper with how other apps work or how the phone works.
- Eavesdrop on incoming/outgoing messages or voice calls.
- Give attempt to access sensitive personal data like pictures and text messages.