New Delhi: Over 600 million Samsung mobile device users have been reportedly affected by a significant security risk on leading Samsung models, including the recently released Galaxy S6.
According to NowSecure, the risk comes from a pre-installed keyboard that allows an attacker to remotely execute code as a privileged (system) user.
Uncovered by NowSecure mobile security researcher Ryan Welton, Samsung was notified in December of 2014. Given the magnitude of the issue, NowSecure notified CERT who assigned CVE-2015-2865, and also informed the Google Android security team.
If the flaw in the keyboard is exploited, an attacker could remotely access sensors and resources like GPS, camera and microphone. They can also secretly install malicious apps without the user knowing.
The attackers can also eavesdrop on incoming/outgoing messages or voice calls and attempt to access sensitive personal data like pictures and text messages.
Photos: Kareena Kapoor Khan and Aamir Khan at Mumbai airport
Photos: SRK, wife Gauri, Aishwarya Rai, Shweta Bachchan at Vogue Awards
Photos: Harbhajan Singh-Geeta Basra's TV outing with daughter Hinaya
Photos: Malaika Arora flaunts ripped jeans like a boss!
Photos: Vaani Kapoor, Kriti Sanon, Dia Mirza sizzle on the ramp