Samsung said Friday that no hacks have been reported after a tech-security firm said in a report that 600 million Galaxy smartphones had a problematic keyboard.
The South Korean tech giant did not dispute the report from NowSecure and pledged to roll out security updates in the next few days to “invalidate any potential vulnerabilities.”
It also sought to assure customers that hacking, while not impossible, would require a specific set of conditions.
“The likelihood of making a successful attack, exploiting this vulnerability is low,” the company said in a statement.
The risk comes from the keyboard software programmed into Galaxy S6, S5, S4 and S4 mini models, according to NowSecure. The system can bypass security restrictions, giving hackers access to data.
Hackers who take advantage of the keyboard software, developed by SwiftKey, could remotely install malicious apps, eavesdrop on calls and attempt to retrieve pictures and text messages, according to NowSecure.
“Unfortunately, the flawed keyboard app can’t be uninstalled. Also, it isn’t easy for the Samsung mobile device user to tell if the carrier has patched the problem with a software update,” NowSecure said in a report on its website.
NowSecure said it informed Samsung of the risk in December, and the company responded by providing a security patch to mobile networks early this year.
But NowSecure questioned the success of the measure, writing on its website: “It is unknown if the carriers have provided the patch to the devices on their network. In addition, it is difficult to determine how many mobile device users remain vulnerable, given the devices models and number of network operators globally.”
The Galaxy S4 smartphone was released in the spring of 2013, followed by more-sophisticated models such as the S6, launched in April.
What can users do as Samsung ratchets up its security efforts? Don’t use unsecured wireless networks, suggests NowSecure. To be completely safe, use another phone.