This site uses cookies to improve your experience and to provide services and advertising. By continuing to browse, you agree to the use of cookies described in our Cookies Policy. You may change your settings at any time but this may impact on the functionality of the site. To learn more see our Cookies Policy.
OK
#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 18 °C Friday 7 August, 2020
Advertisement

Own a Samsung device? It may have a major security flaw

More than 600 million Samsung devices could be affected by this flaw.

The S6 is one Samsung device that could be affected by this security flaw.
The S6 is one Samsung device that could be affected by this security flaw.
Image: TheJournal.ie

(Update: 19:07)

MORE THAN 600 million Samsung smartphones may have a major security flaw that would allow attackers to access your device remotely and install malware without your knowledge.

Security firm NowSecure released a report saying the flaw comes from a pre-installed keyboard called Swift.

The keyboard is installed on a number of Samsung smartphones ranging from the S4 to S6. Other Samsung devices may be affected by the issue, but it hasn’t been confirmed yet.

The problem involves how much access the keyboard has to a phone’s settings. Since manufacturers (and carriers) pre-install third-party applications onto a device, Samsung’s keyboard is given system user status.

This allows it to access most functions on the phone like the microphone and camera. If it’s exploited, it would allow attackers to extract personal info and these settings remotely and install apps onto the device without the user knowing.

When the flaw was discovered in December 2014, NowSecure informed CERT (an organisation which researches bugs that impact software and web security) and Google Android’s Security team about it.

Samsung began providing a patch in early 2015, but the issue lies with the carriers who may or may not have updated their version with the patch. It’s not known whether carriers have installed the patch or not.

The keyboard app cannot be uninstalled or disabled so to reduce risk, it’s recommended you avoid insecure or unknown WiFi networks, or use a different mobile device.

Samsung issued a statement in relation to the flaw saying that the phone’s core functions weren’t affected by this issue and that a security policy update will begin rolling out in a few days.

Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security.It is important to note that the phone’s core functions (kernel) were not affected by the reported issue due to the protection of the Samsung KNOX platform in all S4 models and above.

Samsung KNOX also has the capability to update the security policy of the phones, over-the-air, to invalidate any remaining potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days.

In addition to the Security Policy update, we are also working with SwiftKey to address potential risks going forward.

(Originally published: 14:02)

Read:  Ever wonder how much time you actually spend using apps? Here’s how you find out >

Read: Two Irish guys have invented a Shazam-style app for live music >

  • Share on Facebook
  • Email this article
  •  

About the author:

Quinton O'Reilly

Read next:

COMMENTS (17)

This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel