UPDATE: Samsung addresses the keyboard vulnerability issue using KNOX.
If you own a Samsung Galaxy S4, Galaxy S4 Mini, Note 3, Galaxy S5 or the more recent Galaxy Note 4 and Galaxy S6, we have a bit of bad news for you. Samsung’s built-in stock keyboard apparently has a vulnerability that could allow people to execute code remotely on your phone because of a flaw in the SwiftKey software.
Basically, if you are connected to an unsecured access point like an open WiFi network, it’s possible for someone to impersonate the server that updates the software, intercept and alter SwiftKey language packs as they update, and deliver a malicious payload in their place.
If the flaw is exploited, people could get access to sensors and resources on your phone like the GPS, camera and microphone, eavesdrop on voice calls and messages, attempt to steal your personal data and otherwise tamper with the apps on your device. However, the problem lies strictly with phones that come with Samsung’s version of SwiftKey; it doesn’t affect those who downloaded SwiftKey from Google Play or the App Store.
Samsung has already been notified of the issue and is working on a patch for it, but for now it’s best to avoid public hotspots that aren’t secure, use a VPN or just keep to your personal secure networks till there’s official word of the fix.
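The language-pack tampering described above works when a device cannot authenticate what it downloads. The sketch below is an added example, not code from Samsung or SwiftKey: it assumes a manifest-plus-hash update format (the article does not describe the real one), uses a constructed key, and uses HMAC as a stand-in for the asymmetric signature a real updater would verify with a public key shipped in the app.

```python
import hashlib
import hmac
import json

# Constructed demo key standing in for a verification key shipped inside the app.
PINNED_KEY = b"constructed-demo-key-not-a-real-secret"


def _tag(manifest: bytes, key: bytes) -> str:
    return hmac.new(key, manifest, hashlib.sha256).hexdigest()


def make_update(pack: bytes, key: bytes = PINNED_KEY) -> dict:
    """Publisher side: describe the pack in a manifest and authenticate the manifest."""
    manifest = json.dumps(
        {"name": "en_US.zip", "sha256": hashlib.sha256(pack).hexdigest()},
        sort_keys=True,
    ).encode()
    return {"pack": pack, "manifest": manifest, "tag": _tag(manifest, key)}


def altered_in_transit(update: dict, new_pack: bytes) -> dict:
    """Test fixture: pack and manifest are both rewritten on the network path.
    The tag is left as-is because the pinned key never travels with the update."""
    manifest = json.loads(update["manifest"])
    manifest["sha256"] = hashlib.sha256(new_pack).hexdigest()
    return {"pack": new_pack,
            "manifest": json.dumps(manifest, sort_keys=True).encode(),
            "tag": update["tag"]}


def naive_accept(update: dict) -> bool:
    """Weak check: compares the pack to a hash that arrived over the same channel."""
    claimed = json.loads(update["manifest"])["sha256"]
    return hashlib.sha256(update["pack"]).hexdigest() == claimed


def hardened_accept(update: dict, key: bytes = PINNED_KEY) -> bool:
    """Authenticate the manifest against the pinned key first, then check the pack."""
    if not hmac.compare_digest(_tag(update["manifest"], key), update["tag"]):
        return False
    claimed = json.loads(update["manifest"])["sha256"]
    return hmac.compare_digest(hashlib.sha256(update["pack"]).hexdigest(), claimed)
```

The naive check passes an altered pack because the hash it trusts was altered along with it; the hardened check rejects it because the manifest no longer matches the pinned key.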