Mobile security researcher from NowSecure have founded that more than 600 million Samsung devices are vulnerable to remote code execution vulnerability in the Samsung keyboard.
According to NowSecure Samsung stock keyboard using the SwiftKey SDK which allows hackers to access sensors on the device, microphone, GPS, pictures, camera and even messages.
This vulnerable allows hackers to download and install malicious app on the device without requiring the user’s permission and can even track incoming and out messages and calls.
Samsung and the Android security was notified last year about CVE-2015-2865. Patches are available to download since 2015 but there is no proper count on how many devices are updated. Since the Samsung stock keyboard comes default on all Samsung devices and cannot be uninstalled.
According to Official support forum, “We’ve seen reports of a security issue related to the Samsung stock keyboard that uses the SwiftKey SDK. We can confirm that the SwiftKey Keyboard apps available via Google Play or the Apple App Store are not affected by this vulnerability. We take reports of this manner very seriously and are currently investigating further.” said by SwiftKey team