Samsung Update Fixes SwiftKey Security Flaw - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Devices
News
6/20/2015
11:05 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Samsung Update Fixes SwiftKey Security Flaw

Samsung will release a security policy update following reports of vulnerability in SwiftKey keyboard replacement software.

6 Top Programming Languages For Mobile Development
6 Top Programming Languages For Mobile Development
(Click image for larger view and slideshow.)

Security research firm NowSecure recently published reports concerning vulnerabilities in Samsung smartphones. In a recent update, Samsung has announced that, while the likelihood of attack is low, it plans to roll out security updates to its mobile devices.

The flaw uncovered by NowSecure mobile security researcher Ryan Welton left more than 600 million Samsung products vulnerable to hackers. 

The problem lies within the SwiftKey keyboard replacement software embedded in all Samsung phones. The software receives updates in plain text, meaning hackers could manipulate SwiftKey into believing it was getting an update when in reality, an attack could be taking place.

In a new report, Samsung claims the chances of exploitation are low because the SwiftKey attack would require very specific conditions. The user and hacker must physically be on the same unprotected network while a language update is being downloaded.

[More security updates: New Apple iOS, OS X Flaw Pose Serious Risk.]

Further, all Samsung flagship models since the Galaxy S4 are protected with the KNOX security platform, which provides real-time kernel protection and requires advanced capabilities for SwiftKey attacks to be effective.

NowSecure reported the flaw to Samsung in December 2014 and Samsung developed a patch for the issue earlier this year. It was the responsibility of wireless carriers to deploy the fix. NowSecure claims that Verizon, AT&T, and Sprint have not yet done so.

However, through KNOX, Samsung can update phones' security policies over the air and eliminate potential vulnerabilities caused by the SwiftKey issue. The company promises that security policy updates will begin rolling out over the next few days.

(Image: Samsung)

(Image: Samsung)

Updates will be directly pushed to devices users, who must agree to receive them. Samsung customers can ensure their device receives updates by going to Settings > Lock Screen and Security > Other Security Settings > Security Policy Updates and ensuring the Automatic Updates option is turned on.

Samsung acknowledges not all of its devices are equipped with KNOX, and it's working on an expedited firmware update. Availability and schedule may vary according to smartphone model, service carrier, and region.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
eitanc
50%
50%
eitanc,
User Rank: Apprentice
7/12/2015 | 4:58:28 AM
A simple workaround
This issue can be solved using a simple workaround if the device is rooted - see here:
fudie.net/how-to-protect-yourself-from-the-samsung-keyboard-vulnerability-in-android-devices/
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
6/22/2015 | 1:07:12 AM
Re: Other keyboards?
Samsung and Apple has always been targets of DoS attacks and other hacking related problems. The question one should ask now is if the new update solves the problems and stops the attacks.
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
6/22/2015 | 1:04:09 AM
Other keyboards?
Fleksy is a very good replacement to the swiftKey keyboard and it is very customizable and has a minimalist outlook. Although I don't know if it has vulnerabilities or not.
Slideshows
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll