Samsung Update Fixes SwiftKey Security Flaw - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile // Mobile Devices
11:05 AM
Connect Directly

Samsung Update Fixes SwiftKey Security Flaw

Samsung will release a security policy update following reports of vulnerability in SwiftKey keyboard replacement software.

6 Top Programming Languages For Mobile Development
6 Top Programming Languages For Mobile Development
(Click image for larger view and slideshow.)

Security research firm NowSecure recently published reports concerning vulnerabilities in Samsung smartphones. In a recent update, Samsung has announced that, while the likelihood of attack is low, it plans to roll out security updates to its mobile devices.

The flaw uncovered by NowSecure mobile security researcher Ryan Welton left more than 600 million Samsung products vulnerable to hackers. 

The problem lies within the SwiftKey keyboard replacement software embedded in all Samsung phones. The software receives updates in plain text, meaning hackers could manipulate SwiftKey into believing it was getting an update when in reality, an attack could be taking place.

In a new report, Samsung claims the chances of exploitation are low because the SwiftKey attack would require very specific conditions. The user and hacker must physically be on the same unprotected network while a language update is being downloaded.

[More security updates: New Apple iOS, OS X Flaw Pose Serious Risk.]

Further, all Samsung flagship models since the Galaxy S4 are protected with the KNOX security platform, which provides real-time kernel protection and requires advanced capabilities for SwiftKey attacks to be effective.

NowSecure reported the flaw to Samsung in December 2014 and Samsung developed a patch for the issue earlier this year. It was the responsibility of wireless carriers to deploy the fix. NowSecure claims that Verizon, AT&T, and Sprint have not yet done so.

However, through KNOX, Samsung can update phones' security policies over the air and eliminate potential vulnerabilities caused by the SwiftKey issue. The company promises that security policy updates will begin rolling out over the next few days.

(Image: Samsung)

(Image: Samsung)

Updates will be directly pushed to devices users, who must agree to receive them. Samsung customers can ensure their device receives updates by going to Settings > Lock Screen and Security > Other Security Settings > Security Policy Updates and ensuring the Automatic Updates option is turned on.

Samsung acknowledges not all of its devices are equipped with KNOX, and it's working on an expedited firmware update. Availability and schedule may vary according to smartphone model, service carrier, and region.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
7/12/2015 | 4:58:28 AM
A simple workaround
This issue can be solved using a simple workaround if the device is rooted - see here:
User Rank: Ninja
6/22/2015 | 1:07:12 AM
Re: Other keyboards?
Samsung and Apple has always been targets of DoS attacks and other hacking related problems. The question one should ask now is if the new update solves the problems and stops the attacks.
User Rank: Ninja
6/22/2015 | 1:04:09 AM
Other keyboards?
Fleksy is a very good replacement to the swiftKey keyboard and it is very customizable and has a minimalist outlook. Although I don't know if it has vulnerabilities or not.
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Flash Poll