We have been made aware of a critical vulnerability targeting SwiftKey keyboards, which are pre-installed on multiple Samsung Android devices, including the Galaxy S3, S4, S5, S6 and the Galaxy Note 3 and 4.
The vulnerability allows attackers to remotely access the phone and execute code when it is connected to an unsecure WiFi network. Once they have gained access, the attacker could access the phone’s GPS coordinates, camera and microphone, install malicious apps, intercept messages, and gain access to usernames and passwords and locally-stored files, such as photos.
As SwiftKey cannot be uninstalled from the Samsung Galaxy smartphones that use it as the default keyboard app we recommend that Samsung Galaxy smartphone owners avoid using unsecure Wi-Fi networks until the vulnerability is patched. Setting the phone to automatically receive security updates from Samsung will ensure that you receive the security patch as soon as it becomes available. If you have questions about security updates, please contact your carrier.
For more information about the SwiftKey vulnerability, please review the resources below:
- TrendLabs Security Intelligence Blog: What you need to know and how to protect yourself
- Forbes.com: Samsung Galaxy vulnerable to keyboard cracking attack
To learn more about how you can protect your mobile device from unauthorized access, review InformationWeek’s 5 Essential Mobile Security Tips.
If you ever feel that your Meredith Village Savings Bank accounts or online banking are at risk for fraud, please do not hesitate to contact us for assistance protecting your financial information.