Samsung Galaxy S6, S5, S4 and S4 Mini phones have a massive flaw that allows an attacker to take over the device. It’s in the keyboard code, of all places, thanks to a custom SwiftKey build. There are about 600 million of these things in circulation, it’s thought.

The bug is easy to exploit, because the phones are vulnerable to a plain-text man-in-the-middle attack. Yet it’s hard to properly patch, because fixing it relies on wireless carriers all over the world getting their respective fingers out and doing something.

The more you think about it, the more awful this appears: Imagine a global botnet of 600 million mobiles. In IT Blogwatch, bloggers shudder.
