According to NowSecure, “A remote attacker capable of controlling a user’s network traffic can manipulate the keyboard update mechanism on Samsung phones and execute code as a privileged (system) user on the target’s phone.”
NowSecure mobile security researcher Ryan Welton discovered the flaw, which appears to affect over 600 million Samsung Android device users. The security firm has notified CERT (the issue is tracked as CVE-2015-2865) and has also informed the Google Android security team.
If the flaw in the keyboard is exploited, an attacker could remotely:
- Access sensors and resources like GPS, camera and microphone
- Install malicious app(s) without the user’s knowledge
- Tamper with how other apps work or how the phone works
- Eavesdrop on incoming/outgoing messages or voice calls
- Attempt to access sensitive personal data like pictures and text messages
Samsung provided a patch to mobile network operators in early 2015, but it is unknown whether all carriers have pushed the patch to the devices on their networks.
If you want to check if your Samsung device is vulnerable, check out this article on the NowSecure site.