A vulnerability in software on the phones lets hackers look through the phones’ camera, listen to the microphone, read incoming and outgoing texts and install apps, according to researchers. Until Samsung fixes the problem, there is little that owners of the phone can do beyond staying off unsecured wifi networks.

The hack works by exploiting a problem with the Samsug IME keyboard, a re-packaged version of SwiftKey that the company puts in Samsung Galaxy keyboards. That software periodically asks a server whether it needs updating — but hackers can easily get in the way of that request, pretend to be the server, and send malicious code to the phone.

 

It doesn’t matter if Samsung users are using the keyboard or not, because it is still making the requests. But users of SwiftKey on other Android phones seem to be safe, because the problem appears to be isolated to Samsung’s version of the software.

There are usually protections in place that stop hackers from performing what is called a “man in the middle attack”, by encrypting communication with the server, as well as ones to stop any malicious code from getting too deep into the phone. But Samsung has given its version of the software special permissions, which means that hackers can get through the protections in Android that stop third-party apps from tampering with other bits of the device.

Though staying away from unsecured wifi networks will make users less likely to be hit by the problem, it doesn’t mean that they’re safe. Hackers could still get in the way of the messages during the course of normal browsing.

Via THE INDEPENDENT