CHICAGO (WLS) -- Hackers could be getting remote access to your phone. The apparent security lapse could affect an estimated 600 million users. ABC7 consumer investigative reporter Jason Knowles spoke with the local experts who say they've uncovered the vulnerability.
It's something none of us would want: a stranger sifting through your pictures, texts and private information on your smart phone. One local tech security firm says it uncovered a potential for that flaw in a hugely popular brand.
Trisea Bills says she is not happy with Samsung because Now Secure, a company in Oak Park, says it found a major opening for thieves in about 600 million different Samsung models, including the galaxy s4, s5, and s6.
"It's disturbing," Bills said, "to know that someone has access other than myself."
Andrew Hoog says it is possible for a hacker to go digging for personal information every 8 hours, which is how often the Samsung keyboard updates.
"You can't uninstall it. You can't disable it and it is actually vulnerable for an attacker to take advantage of the update. Ultimately they can gain access to your phone," Hoog said.
Hoog says the attacker could also monitor your device: add apps, check out your pics and texts or make a call. He says the scenario is most likely to occur when a user is on a public Wi-Fi network as a cyber crook sets up a phony Wi-Fi network with the same name. Hoog showed us how it would work: as a phone surfs the web, the computer on the right gathers that data.
"And now all of the additional requests are flying through the computer," he said. "Only connect to Wi-Fi networks that you trust. Think hard just about connecting to Wi-Fi at house, maybe at work."
Hoog says Now Secure informed Samsung in November and Samsung made a patch in March, but the issue is still not fixed.
"That's just not right. It's very scary. There are so many things people shouldn't have access to," Jen Kaufman said.
Samsung says it's rolling out a security policy update in days, and gave the I-Team a statement, "...the vulnerability requires a very specific set of conditions... Of the user and the hacker being on the same unprotected network." and "the likelihood of making a successful attack... is low."
Hoog thinks consumers should be worried.
"There are other well-funded, well-motivated people out there. They could be criminal organizations they could be nation states, industrial espionage it is a real risk," Hoog said.
Samsung also says a device protected with what's called "Knox security" will prevent an attack. The company says there have been no reported cases of devices being compromised, during keyboard updates.
Swiftkey, which supplies Samsung with the keyboard technology, says it's helping to resolve the security issue.