Scam of the day – June 21, 2015 – Millions of Samsung phones vulnerable to hacking

by | Jun 21, 2015 | Scam of the day, Site Related

A security flaw in Samsung Galaxy smartphone models S4, S4 Mini, S5 and S6 has been found that makes the phones vulnerable to being hacked in a manner that can give the hacker control over the smartphone’s microphone and camera, access text messages and be able to download malicious apps.  This flaw affects as many as six hundred million Samsung Galaxy smartphones and was discovered by Ryan Welton of the security firm NowSecure seven months ago and it was reported to Samsung immediately.  NowSecure agreed, at the time, to keep their discovery a secret in order to give Samsung time to develop a patch.  After seven months without Samsung releasing a patch, NowSecure decided it was important to go public with the information and did so this past week at a conference in London.

On a positive note, this hacking can only be done when the keyboard software is applying an update, however, the seriousness of the vulnerability makes it very dangerous.  In particular, companies whose employees use these smartphones may find them targeted by countries like China that make it a practice to spy on companies to gather trade secrets.  In addition, the Samsung Galaxy smartphones have been approved by the National Security Agency (NSA) for use by federal government employees, who are also the targets of surveillance by foreign countries.

TIPS

Samsung has issued the following statement regarding the problem, “We are aware of the recent issue… and are committed to providing the latest in mobile security.  “Samsung KNOX” which is Samsung’s mobile security program, “has the capability to update the security policy of the phones, over the air to invalidate any potential vulnerabilities caused by this issue. The security policy will begin rolling out in a few days.”

NowSecure, the company that discovered the flaw suggests that until the problem is resolved, those people affected should avoid insecure Wi-Fi networks, which is good advice for everyone, and use another device, if possible.  You should also contact your smartphone carrier for the latest information about the timing of a security patch.

Here is a link to  NowSecure’s report on this problem which contains a  list of all of the affected Samsung Galaxy smartphones so you can find out if your phone is affected: https://www.nowsecure.com/keyboard-vulnerability/