Samsung Update Fixes SwiftKey Security Flaw

Samsung will release a security policy update following reports of a vulnerability in the SwiftKey keyboard replacement software.

Kelly Sheridan, Staff Editor, Dark Reading

June 20, 2015


Security research firm NowSecure recently published reports concerning vulnerabilities in Samsung smartphones. In a recent update, Samsung has announced that, while the likelihood of attack is low, it plans to roll out security updates to its mobile devices.

The flaw uncovered by NowSecure mobile security researcher Ryan Welton left more than 600 million Samsung products vulnerable to hackers. 

The problem lies within the SwiftKey keyboard replacement software embedded in all Samsung phones. The software receives its updates in plain text, meaning hackers could trick SwiftKey into believing it was receiving a legitimate update when, in reality, an attack was taking place.

In a new report, Samsung claims the chances of exploitation are low because the SwiftKey attack would require very specific conditions. The user and hacker must physically be on the same unprotected network while a language update is being downloaded.


Further, all Samsung flagship models since the Galaxy S4 are protected with the KNOX security platform, which provides real-time kernel protection and requires advanced capabilities for SwiftKey attacks to be effective.

NowSecure reported the flaw to Samsung in December 2014, and Samsung developed a patch for the issue earlier this year. It was the responsibility of wireless carriers to deploy the fix. NowSecure claims that Verizon, AT&T, and Sprint have not yet done so.

However, through KNOX, Samsung can update phones' security policies over the air and eliminate potential vulnerabilities caused by the SwiftKey issue. The company promises that security policy updates will begin rolling out over the next few days.

Updates will be pushed directly to device users, who must agree to receive them. Samsung customers can ensure their device receives updates by going to Settings > Lock Screen and Security > Other Security Settings > Security Policy Updates and ensuring the Automatic Updates option is turned on.

Samsung acknowledges not all of its devices are equipped with KNOX, and it's working on an expedited firmware update. Availability and schedule may vary according to smartphone model, service carrier, and region.

About the Author(s)

Kelly Sheridan

Staff Editor, Dark Reading

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.
