Samsung will be releasing an update to address a vulnerability found in the SwiftKey keyboards that are pre-installed in the company's smartphones.
The patch will be received by users through the security policy update mechanism of Samsung KNOX, and not through a complete update to the system of the affected smartphones.
In a statement that was issued by Samsung to Android news website Android Central, Samsung said that the company takes such security threats as posed by the SwiftKey vulnerability very seriously.
"We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security," the company said, adding that Samsung Knox will be able to update the security policy of smartphones through an over-the-air release to address all possible issues that can be caused by the vulnerability.
Samsung added that the update to the security policy of its smartphones will begin to roll out within a few days, and that the company is currently in discussions with SwiftKey regarding other possible issues that may present themselves in the future.
The smartphones affected by the SwiftKey vulnerability are the Galaxy S6, Galaxy S5, Galaxy S4 and Galaxy S4 Mini under AT&T, Verizon, T-Mobile and Sprint. In total, over 600 million Samsung smartphone users were vulnerable from the discovered issue. Device owners that downloaded the SwiftKey app as a retail version, however, are unaffected by the vulnerability.
According to Now Secure in a post on its technical blog, a hacker could control the network traffic entering a user's smartphone and manipulate the SwiftKey update system on the affected Samsung devices to execute malicious code as a privileged user on the targeted device.
Hackers can fool users that are connected to unsecure Wi-Fi networks into downloading fake language packs for the SwiftKey keyboard, which are in fact malicious code. Once the malware enters the device and is installed, the hacker can take over the compromised smartphone remotely and carry out illegal activities.
Such things that hackers can do once the SwiftKey vulnerability has been exploited is extract personal information and data stored on the smartphone, including credit card information, photos, videos, and messages. The hacker can also take control of apps that have been installed into the smartphone, install more malware without knowledge of the owner and gain access to the device's camera, sensors and microphone.
While users wait for the SwiftKey vulnerability update, they are recommended to avoid connecting to unsecure Wi-Fi networks in the meantime.