
An attacker exploiting this vulnerability could potentially siphon sensitive data off the affected devices, data which may include text messages, contacts, passwords and bank logins, and the vulnerability could also be used to remotely monitor users. Samsung was told about this issue back in November last year, and it provided a fix for devices running Android 4.2 or higher earlier this year, in March. However, NowSecure is of the view that this exploit still exists: Welton demonstrated it today at the Blackhat Security Summit in London on a Verizon Galaxy S6 and claimed to have replicated it.
NowSecure CEO Andrew Hoog believes that this exploit affects some recent devices like the Galaxy Note 4, Note 3, Galaxy S3, S4 and S5, as well as the Galaxy S6 and S6 edge. This is a dilemma for users: even if they don't use SwiftKey as the default keyboard, it can't be uninstalled from the device, and Welton says that it can still be exploited even when it's not the default keyboard.
Until Samsung provides an official fix for this exploit, Welton recommends that users be extra careful about using their handsets on networks that they're not familiar with, in order to limit the chances of a man-in-the-middle attack. Attackers have to be on the same wireless network as the device that they're targeting; remote targeting is only possible by hijacking the DNS or compromising the router from another location, which, while possible, is not exactly an easy feat.
Samsung has so far not commented on the issue.