More than 600 million Samsung mobile devices are vulnerable to a bug within the built-in keyboard, according to a security firm.
The SwiftKey keyboard built into some of Samsung’s recent mobile phones allows an attacker to remotely execute code, according to NowSecure, which uncovered and reported the bug.
“The attack vector for this vulnerability requires an attacker capable of modifying upstream traffic,” NowSecure said in a blog post.
“The vulnerability is triggered automatically (no human interaction) on reboot as well as randomly when the application decides to update.”
The flaw was revealed by NowSecure security expert Ryan Welton at a conference in London in late 2014.
A spokesman for Samsung said they were aware of the issue and would roll out security updates in the next few days.