Samsung downplays security threat to 600m smartphones

19 Jun 2015

Korean tech giant Samsung has acknowledged a threat to its smartphones but has downplayed the probability of hackers hijacking the devices.

Earlier this week security researchers at NowSecure revealed as many as 600m Samsung mobile devices may be vulnerable to a serious bug that could allow hackers to spy on mobile users. The risk includes the recently released Galaxy S6 smartphone.

However, while admitting the risk does exist, Samsung has downplayed the danger of phones being hacked.

“The likelihood of making a successful attack, exploiting this vulnerability, is low. There have been no reported customer cases of Galaxy devices being compromised through these keyboard updates,” said a Samsung spokesperson.

“But as the reports indicate, the risk does exist and Samsung will roll out a security policy update in the coming days.

The risk comes from a pre-installed keyboard that allows an attacker to remotely execute code as a privileged (system) user.

The researchers claimed hackers can exploit the flaw to access sensors and resources like GPS, camera and microphone as well as tamper with apps and install malware on the smartphones.

“This vulnerability, as noted by the researchers, requires a very specific set of conditions for a hacker to be able to exploit a device this way.

“This includes the user and the hacker physically being on the same unprotected network while downloading a language update.

“Also, on a KNOX-protected device there are additional capabilities in place such as real-time kernel protection to prevent a malicious attack from being effective,” Samsung said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years