June 20, 2015
6 Top Programming Languages For Mobile Development
6 Top Programming Languages For Mobile Development (Click image for larger view and slideshow.)
Security research firm NowSecure recently published reports concerning vulnerabilities in Samsung smartphones. In a recent update, Samsung has announced that, while the likelihood of attack is low, it plans to roll out security updates to its mobile devices.
The flaw uncovered by NowSecure mobile security researcher Ryan Welton left more than 600 million Samsung products vulnerable to hackers.
The problem lies within the SwiftKey keyboard replacement software embedded in all Samsung phones. The software receives updates in plain text, meaning hackers could manipulate SwiftKey into believing it was getting an update when in reality, an attack could be taking place.
In a new report, Samsung claims the chances of exploitation are low because the SwiftKey attack would require very specific conditions. The user and hacker must physically be on the same unprotected network while a language update is being downloaded.
[More security updates: New Apple iOS, OS X Flaw Pose Serious Risk.]
Further, all Samsung flagship models since the Galaxy S4 are protected with the KNOX security platform, which provides real-time kernel protection and requires advanced capabilities for SwiftKey attacks to be effective.
NowSecure reported the flaw to Samsung in December 2014 and Samsung developed a patch for the issue earlier this year. It was the responsibility of wireless carriers to deploy the fix. NowSecure claims that Verizon, AT&T, and Sprint have not yet done so.
However, through KNOX, Samsung can update phones' security policies over the air and eliminate potential vulnerabilities caused by the SwiftKey issue. The company promises that security policy updates will begin rolling out over the next few days.
Updates will be directly pushed to devices users, who must agree to receive them. Samsung customers can ensure their device receives updates by going to Settings > Lock Screen and Security > Other Security Settings > Security Policy Updates and ensuring the Automatic Updates option is turned on.
Samsung acknowledges not all of its devices are equipped with KNOX, and it's working on an expedited firmware update. Availability and schedule may vary according to smartphone model, service carrier, and region.
About the Author(s)
You May Also Like
3 Real-World Challenges Facing Cybersecurity Organizations
7 Steps to Build Quantum Resilience
The Definitive Guide to Understanding IP Addresses, VPNs and their Implications for Businesses
Solution Brief: Fortinet FortiFlex Delivers Usage-Based Security Licensing That Moves at the Speed of Digital Acceleration
Cyberthreats Racing Ahead of Your Defenses? Secure Networking Can Put a Stop to That