Samsung promises patches for serious keyboard security hole

Knox security policy and firmware updates coming up.

Samsung is scrambling to provide a fix for a serious vulnerability affecting as many as 600 million of its high-end devices.

The flaw lies in Samsung's customised version of the Swiftkey keyboard, which is the system default in its devices and cannot be uninstalled.

Researcher Ryan Welton showed that it was possible to inject malicious code on devices by exploiting the lack of protection for the keyboard app update mechanism.

Samsung maintained that the vulnerability was difficult to exploit, and said there had been no reported cases of customers' Galaxy devices being compromised.

Furthermore, Samsung said its Knox security platform, installed on flagship devices since the Galaxy S4, would protect users against the keyboard vulnerability by taking advantage of Security Enhancements for Linux (SELinux), which has been part of Google's Android operating system since version 4.3.

SELinux enforces mandatory security settings on Android devices.

The Korean electronics giant will issue over-the-air policy updates to stop the keyboard vulnerability in the coming days, Samsung said. To receive them, user devices must have automatic reception of security policy updates enabled.

Samsung said there would be an expedited firmware update for those devices that do not have Knox installed by default.

That update will need testing and approval by telcos retailing Samsung devices before it becomes available. Samsung did not provide a time frame for the firmware update rollout.

Samsung had provided an update to its telco partners earlier in the year but has now opted to send it direct to affected customer phones.

Copyright © iTnews.com.au. All rights reserved.