Samsung Response To Smartphone SwiftKey Vulnerability

Advertisement
Advertisement

A few days ago, reports began to emerge about a vulnerability which seems to exist for a number of Samsung smartphones on the market. To be clear, the vulnerability was said to include many of the flagship (Galaxy S and Note) range devices, like the Samsung Galaxy S6 and S6 Edge. The vulnerability which was publicly unveiled at this year's Blackhat security conference, meant that a number of Samsung smartphones were vulnerable to downloading code which could either be used to obtain user data or reside on the system and used to prompt future attacks.

The short of the vulnerability stemmed from the use of SwiftKey on Samsung devices. The third-party keyboard app comes pre-installed on a number of devices and it was found that when the app looks for updates to its language packs, it does so in plain text and not over encrypted channels. It was this route which could allow for attacks on users devices. During the recent coverage, it was reported that Samsung had been thought to have provided a fix to the issue back in March, however the recent Blackhat coverage seemed to confirm that the fix had either not been applied or more simply, did not fix the issue.

Advertisement

A Samsung spokesperson has confirmed to us that the issue does exist, Samsung is aware of the issue and is in the process of remedying the situation. In the response, the spokesperson confirmed that Knox is able to update the security policy on smartphones which renderers the vulnerability ineffective. The response also firmly states that Samsung is working with SwiftKey to ways to avoid future risks that may developer from the app updating procedure. For those who are concerned, as we reported a few days ago, it is believed that attacks are only more at risk when the attacker is on the same network. As such, using trusted networks, the limitation of any attacksĀ is minimal. You can read the full response below.

"Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security. Samsung Knox has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days. In addition to the security policy update, we are also working with Swiftkey to address potential risks going forward".

Advertisement
Share this page

Copyright ©2015 Android Headlines. All Rights Reserved.

This post may contain affiliate links. See our privacy policy for more information.
Advertisement
Editor-in-Chief

John has been writing about and reviewing tech products since 2014 after making the transition from writing about and reviewing airlines. With a background in Psychology, John has a particular interest in the science and future of the industry. Besides adopting the Managing Editor role at AH John also covers much of the news surrounding audio and visual tech, including cord-cutting, the state of Pay-TV, and Android TV. Contact him at [email protected]

View Comments