600 million Samsung Galaxy Smartphones are at risk due to a flaw in the software that comes bundled with the phones. The software is called Swiftkey typing (word prediction software) with system-level access. Swiftkey also installs updates in plain text. Security company NowSecure says, when combined, this makes it possible for an intruder to hijack the update and remotely execute code and malicious programs.

According to NowSecure this is what can happen to our Samsung phone:

  • Access sensors and resources like GPS, camera and microphone
  • Secretly install malicious app(s) without the user knowing
  • Tamper with how other apps work or how the phone works
  • Eavesdrop on incoming/outgoing messages or voice calls
  • Attempt to access sensitive personal data like pictures and text messages

Recent NowSecure tests found that the the Galaxy S6 is unpatched on both the Verzion and the Sprint network in the US, as well as the T-Mobile Galaxy S5, AT&T Galaxy S4 Mini, and multiple other devices. The company estimates as many as 600 million devices could be affected. Devices dating back to the Galaxy and Galaxy Note S3 have SwiftKey’s word prediction software.

According to Digital Trends:

Ryan Welton of NowSecure discovered the flaw last year and subsequently notified Samsung in December 2014. Samsung immediately worked on a patch and sent updates to various carriers for devices running Android 4.2 or higher in March 2015. However, it’s unknown whether these patches have made their way to devices. Carriers are notorious for taking their time with updates due to their so-called rigorous testing for bugs.

Unfortunately, there is no other fix because users can’t simply uninstall the Swift app — one of the not so joyous benefits of carrier bloatware. Users are still vulnerable even when Swift isn't set as the default keyboard.

What can Samsung users do? Don’t use unsecured wireless networks, suggests NowSecure. To be completely safe, use another phone.

More From 96.1 The Eagle