
The S6 is one Samsung device that could be affected by this security flaw. TheJournal.ie
Risk

Own a Samsung device? It may have a major security flaw

More than 600 million Samsung devices could be affected by this flaw.

(Update: 19:07)

MORE THAN 600 million Samsung smartphones may have a major security flaw that would allow attackers to access your device remotely and install malware without your knowledge.

Security firm NowSecure released a report saying the flaw comes from a pre-installed keyboard called Swift.

The keyboard is installed on a number of Samsung smartphones ranging from the S4 to S6. Other Samsung devices may be affected by the issue, but it hasn’t been confirmed yet.

The problem involves how much access the keyboard has to a phone’s settings. Since manufacturers (and carriers) pre-install third-party applications onto a device, Samsung’s keyboard is given system user status.

This gives it access to most functions on the phone, such as the microphone and camera. If exploited, the flaw would allow attackers to remotely extract personal information and these settings, and to install apps on the device without the user knowing.

When the flaw was discovered in December 2014, NowSecure informed CERT (an organisation which researches bugs that impact software and web security) and Google Android’s Security team about it.

Samsung began providing a patch in early 2015, but the issue lies with the carriers who may or may not have updated their version with the patch. It’s not known whether carriers have installed the patch or not.

The keyboard app cannot be uninstalled or disabled, so to reduce risk, it’s recommended you avoid insecure or unknown WiFi networks, or use a different mobile device.

Samsung issued a statement in relation to the flaw saying that the phone’s core functions weren’t affected by this issue and that a security policy update will begin rolling out in a few days.

Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security. It is important to note that the phone’s core functions (kernel) were not affected by the reported issue due to the protection of the Samsung KNOX platform in all S4 models and above.

Samsung KNOX also has the capability to update the security policy of the phones, over-the-air, to invalidate any remaining potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days.

In addition to the Security Policy update, we are also working with SwiftKey to address potential risks going forward.

(Originally published: 14:02)
