Samsung Addresses Vulnerability On Galaxy Devices

With the media storm continuing to swirl around NowSecure’s research showing millions of Samsung mobile device users are at risk due to a significant security threat, the phone maker broke its silence on the issue late last week.

The company released a statement Friday (June 19) acknowledging the flaw in the pre-installed keyboard of some Samsung phones, which opens the door to escalated attacks on affected devices and the potential for malicious use of sensitive data.

Samsung confirmed plans to roll out security updates to address the vulnerability.

“Samsung KNOX has the capability to update the security policies of our devices, over-the-air, to invalidate potential vulnerabilities caused by this issue,” the blog post said.

“All flagship models since Galaxy S4 have the KNOX security platform installed and have the KNOX platform protection enabled when you turn the device on. One of these protections is Security Enhancements (SE) for Android which enforces a number of mandatory security settings on the device,” they added.

For devices that do not have the security platform, Samsung is working on an expedited firmware update, and it encouraged all mobile device users to ensure their devices are receiving the latest security updates by activating the Automatic Updates option.

Mobile device users may find a silver lining in Samsung’s confirmation that a very specific set of conditions is required for a hacker to exploit a vulnerable device, according to the researchers’ findings.

“This includes the user and the hacker physically being on the same unprotected network while downloading a language update. Also, on a KNOX-protected device there are additional capabilities in place such as real-time kernel protection to prevent a malicious attack from being effective,” the company said.

Although Samsung claims it has yet to see any cases of Galaxy devices being compromised through these keyboard updates, it will continue to work with related parties, such as the keyboard maker SwiftKey, to mitigate any potential risks going forward.

In its own blog post earlier last week, SwiftKey confirmed the issue is “not easy to exploit,” but recognized that the security vulnerability was introduced to the Samsung devices via the core technology behind the word predictions in the keyboard.

“We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this important security issue,” they added.
