“In addition to the security policy update, we are also working with SwiftKey to address potential risks going forward,” said Samsung.
According to a report by mobile security company NowSecure, the SwiftKey keyboard flaw could allow an attacker to remotely access sensors (including features such as GPS, camera, and microphone); secretly install malicious app without the user knowing and fiddle with how other apps function, or how the smartphone works. The security flaw could also allow an attacker to eavesdrop on incoming/ outgoing messages or voice calls while could allow access to personal data such as images and text messages.
SwiftKey in an emailed statement to NDTV Gadgets defended itself, saying the SwiftKey app available on Google Play and App Store had no such security flaw. The company added that while SwiftKey supplied Samsung with the ‘core technology’ to power word predictions on its keyboards, it “appears the way this technology was integrated on Samsung devices introduced the security vulnerability.” SwiftKey said it is working with “long-time partner” Samsung to resolve the issue.
The statement added that the vulnerability was difficult to exploit, and only possible if the Samsung device user is connected to a compromised network (such as a spoofed public Wi-Fi network) and the device was undergoing a language update at the same time.