According to the security firm "NowSecure"
Over 600 million Samsung mobile device users have been affected by a significant security risk on leading Samsung models, including the recently released Galaxy S6. The risk comes from a pre-installed keyboard that allows an attacker to remotely execute code as a privileged (system) user.
The flaw in the keyboard could allow attackers to remotely
- Access sensors and resources like GPS, camera and microphone
- Secretly install malicious app(s) without the user knowing
- Tamper with how other apps work or how the phone works
- Eavesdrop on incoming/outgoing messages or voice calls
- Attempt to access sensitive personal data like pictures and text messages
Samsung began providing a patch for the phones earlier this year but its unknown if phone carriers passed the update onto their customers.
Link to information from Security Firm