By exploiting a vulnerability in the phones' keyboard software, hackers can pretend to be the server that the phones connect to for updates, enter into the phone and control the camera or microphone, read texts, and install apps. 

"We supply Samsung with the core technology that powers the word predictions in their keyboard," read a SwiftKey statement. "It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability. We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this obscure but important security issue."

Researchers at mobile technology security firm NowSecure say they discovered the exploit — which could affect up to 600 million phones — and told Samsung about it in November, only going public with their findings now after seeing no progress for months towards fixing the problem.