Samsung on Thursday announced that it will release a security fix for the keyboard flaw in the coming days. The update comes two days after security researchers found that the SwiftKey keyboard pre-installed in Samsung Galaxy smartphones was vulnerable to hackers.
The security flaw, which allows hackers to penetrate the device, eavesdrop on phone calls, and install malicious apps, was discovered by NowSecure. Samsung stated on its website that the user and the hacker must be on the same unprotected network, and that users on a secure network need not worry about the bug. However, the company acknowledged that the risk does exist.
Samsung announced that devices running Knox security software, pre-installed on the Galaxy S4 and later, will receive the new security policies that will invalidate the vulnerability. Devices without the Knox software will not receive the update immediately. A Knox-protected device uses a password-protection feature that gives two workspaces in one phone. The feature can also provide real-time kernel protection to prevent attacks from taking effect.
Samsung said that it is working on an expedited firmware update that will be available upon completion of testing and approval. The company added that the fix will depend on carriers approving firmware updates. Samsung will be releasing the update in a few days, and has asked users to make sure their phones are set to receive it. Samsung will be working closely with its partners to address the potential risks going forward.
To ensure your device receives the latest security updates, go to Settings > Lock Screen and Security > Other Security Settings > Security policy updates, and make sure the Automatic Updates option is activated. On the same screen, the user may also click Check for updates to manually retrieve any new security policy updates.
Ken Westin, senior security analyst at threat detection firm Tripwire, said that the vulnerability could be around for some time because of the fragmentation of the Android operating system and the proprietary builds by the carriers. Westin added that many carriers are slow to deploy updates and consumers are not always aware that they need to patch their phones like their computers.