Samsung-Logo-AH9

Samsung Issues Statement On Keyboard Security Issue

June 18, 2015 - Written By Cory McNutt

For the past few days now we have been hearing about a vulnerability on many Samsung Galaxy devices on the market, including the new Galaxy S6 and Galaxy S6 Edge, regarding a security flaw having to do with the keyboard.  It was made public at this year’s Blackhat security conference and yesterday, Samsung acknowledged its existence.  Today Samsung has issued a formal response to the situation and that security policy updates will begin rolling out in the upcoming days.  They will also work with third-party developers, such as SwiftKey, to prevent any future occurrences.

Security is at the forefront of our mobile and wireless world, and Samsung and its KNOX program are constantly working to prevent such happenings.  Researchers have noted the chance of your device being vulnerable is very small and a specific set of circumstances need to exist in order for a breach to take place.  The user and hacker would have to be on the same, unprotected network while the user was downloading a language update to their keyboard.  In addition, on a KNOX-protected device, there are safeguards built-in to prevent any malicious attacks from affecting your device.  Because of the specific parameters needed before this will occur, there have been no reported cases from any customers about their Galaxy device being compromised via a keyboard update.

Because a potential risk is there, Samsung is working on a security update that will prevent the possibility of this occurring on your Galaxy device, however remote.  All flagship models since the Galaxy S4 have the KNOX security platform already installed and one of its features is Security Enhancements (SE) for Android that automatically enforces a number of security settings on the device.  Samsung’s KNOX has the capability to do an Over-the-Air (OTA) of the device’s security policies and these updates will be “rolling out in a few days,” so make sure that your device is set to receive security policy updates automatically.

Samsung says that to ensure your device is ready, go to, “Settings > Lock Screen and Security > Other Security Settings > Security policy updates, and make sure the Automatic Updates option is activated.  At the same screen, the user may also click Check for updates to manually retrieve any new security policy updates.”  On some devices, you may have to go to Settings > Security > Security policy updates > to make sure Automatic updates is checked on.  It is on this screen you can also press Check for updates to do your manual check.  For those devices without KNOX, Samsung is working on an expedited firmware update.