A few days ago, reports began to emerge about a vulnerability affecting a number of Samsung smartphones on the market. To be clear, the vulnerability was said to include many of the flagship (Galaxy S and Note) devices, such as the Samsung Galaxy S6 and S6 Edge. The vulnerability, which was publicly unveiled at this year's Blackhat security conference, meant that a number of Samsung smartphones could be made to download attacker-supplied code, which could then be used either to obtain user data or to remain on the device and mount further attacks.
In short, the vulnerability stems from the use of SwiftKey on Samsung devices. The third-party keyboard app comes pre-installed on a number of devices, and it was found that when the app checks for updates to its language packs, it does so in plain text rather than over an encrypted channel. That unauthenticated, unencrypted update path is what would allow an attacker to tamper with what the device receives and installs. During the recent coverage, it was reported that Samsung was thought to have provided a fix for the issue back in March; however, the Blackhat coverage seemed to confirm that the fix had either not been applied or, more simply, did not fix the issue.
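To make the security-relevant point concrete, the following is an added example written for this article; it is not SwiftKey's, Samsung's, or the researchers' code and makes no claim about how the real updater is implemented. It models a language-pack update fetched over a plaintext channel and contrasts a client that installs whatever the network returns with one that authenticates the update before installing it. The update server URLs, the language-pack bytes, the attacker payload and the device-side key are all constructed for the demo, and the HMAC-SHA256 tag over the manifest stands in for the vendor signature a real updater would verify (the attacker does not hold the key either way).

```python
"""
Simulated language-pack update over an untrusted (plaintext HTTP) channel.

Added example for illustration only. All URLs, payloads and keys below are
constructed; HMAC with a device-held key is a stand-in for a vendor
signature so the demo runs on the standard library alone.
"""
import hashlib
import hmac
import json
from typing import Callable, Optional

# Constructed: key the device ships with (stand-in for a vendor public key).
VENDOR_KEY = b"demo-vendor-signing-key-not-a-real-secret"

# Constructed language pack and its manifest, as served by the real server.
GENUINE_PACK = b"LANGPACK en_GB v2.1 <dictionary data>"
GENUINE_MANIFEST = {
    "lang": "en_GB",
    "version": "2.1",
    "sha256": hashlib.sha256(GENUINE_PACK).hexdigest(),
}

MANIFEST_URL = "http://updates.example/en_GB/manifest.json"  # constructed
PACK_URL = "http://updates.example/en_GB/pack.bin"           # constructed


def sign_manifest(manifest: dict, key: bytes) -> bytes:
    """Serialise the manifest canonically and attach an HMAC tag over it."""
    body = json.dumps(manifest, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.dumps({"manifest": manifest, "tag": tag}).encode()


SIGNED_MANIFEST = sign_manifest(GENUINE_MANIFEST, VENDOR_KEY)

# A transport maps a URL to the response bytes the device actually receives.
Transport = Callable[[str], bytes]


def direct_http(url: str) -> bytes:
    """No attacker on the path: the device receives the real artefacts."""
    return {MANIFEST_URL: SIGNED_MANIFEST, PACK_URL: GENUINE_PACK}[url]


ATTACKER_PACK = b"LANGPACK en_GB v9.9 <attacker-controlled payload>"


def swap_pack_only(url: str) -> bytes:
    """Same-network attacker rewriting only the plaintext pack response."""
    return ATTACKER_PACK if url == PACK_URL else direct_http(url)


def swap_pack_and_manifest(url: str) -> bytes:
    """Attacker rewrites both responses; the manifest body can be forged,
    but the tag cannot be recomputed without VENDOR_KEY."""
    if url == PACK_URL:
        return ATTACKER_PACK
    forged = dict(GENUINE_MANIFEST, version="9.9",
                  sha256=hashlib.sha256(ATTACKER_PACK).hexdigest())
    return json.dumps({"manifest": forged, "tag": "00" * 32}).encode()


def naive_update(fetch: Transport) -> bytes:
    """Transport-trusting client: installs whatever bytes arrive."""
    return fetch(PACK_URL)


def verified_update(fetch: Transport) -> Optional[bytes]:
    """Authenticating client: accepts the pack only if the manifest tag
    verifies under the device key and the pack matches the manifest digest.
    Returns the pack bytes on success, None on any failure."""
    try:
        doc = json.loads(fetch(MANIFEST_URL))
        manifest, tag = doc["manifest"], doc["tag"]
        expected_digest = manifest["sha256"]
    except (ValueError, KeyError, TypeError):
        return None
    body = json.dumps(manifest, sort_keys=True).encode()
    expected_tag = hmac.new(VENDOR_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, str(tag)):
        return None  # manifest was not produced by the key holder
    pack = fetch(PACK_URL)
    if not hmac.compare_digest(hashlib.sha256(pack).hexdigest(), str(expected_digest)):
        return None  # pack does not match the authenticated manifest
    return pack


if __name__ == "__main__":
    for name, transport in [("direct", direct_http),
                            ("swap pack", swap_pack_only),
                            ("swap both", swap_pack_and_manifest)]:
        print(f"{name:10} naive -> {naive_update(transport)[:22]!r}"
              f"  verified -> {verified_update(transport) is not None}")
```

The point of the two transports is that moving to TLS alone is not the whole fix: the verified client rejects the substituted pack whether or not the manifest was also rewritten, because acceptance is bound to a key the on-path attacker does not hold rather than to the channel the bytes arrived on. A real updater would use an asymmetric signature so the device only needs a public key, and would still run the installed pack with the least privilege the keyboard actually needs.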
A Samsung spokesperson has confirmed to us that the issue does exist, that Samsung is aware of it, and that it is in the process of remedying the situation. In the response, the spokesperson confirmed that Knox is able to update the security policy on the phones, which renders the vulnerability ineffective. The response also firmly states that Samsung is working with SwiftKey on ways to avoid future risks that may arise from the app's update procedure. For those who are concerned, as we reported a few days ago, it is believed that users are only at meaningful risk when the attacker is on the same network as the device. As such, sticking to trusted networks keeps exposure to any attack minimal. You can read the full response below.
“Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security. Samsung Knox has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days. In addition to the security policy update, we are also working with SwiftKey to address potential risks going forward.”