Skip to main content
  1. Home
  2. Mobile
  3. News

Samsung pledges to fix keyboard security vulnerability within days

Robert Nazarian
By

Samsung Galaxy S6 Camera
Jeffrey Van Camp/Digital Trends
If you’re rocking a Samsung smartphone, you could be vulnerable to hackers — thanks to a preinstalled keyboard on your device.

The vulnerability was discovered by Ryan Welton from mobile security specialists NowSecure. The issue is with the preinstalled Swift keyboard which looks for language pack updates over an unencrypted line. Welton found that a hacker could create a spoof proxy server and send a fake update to the device with malicious code. The hacker could then exploit the device by eavesdropping on incoming and outgoing messages or voice calls, access personal data such as pictures or text messages, tamper with apps, and even install other malicious apps.

Related Videos

Updated on 06-17-2015 by Robert Nazarian: Added in statements from SwiftKey and Samsung, clarified that the SwiftKey keyboard app is not vulnerable, and added news that Samsung will fix the issue soon.

SwiftKey is not a fault

After yesterday’s report, SwiftKey reached out to us to with the following statement to ease the mind of SwiftKey users worldwide: “We’ve seen reports of a security issue related to the Samsung stock keyboard that uses the SwiftKey SDK. We can confirm that the SwiftKey Keyboard app available via Google Play or the Apple App Store is not affected by this vulnerability. We take reports of this manner very seriously and are currently investigating further.”

swiftkey-android-app-on-google-play

It appears that SwiftKey only supplies the technology that powers the word prediction for the Samsung keyboard. Unfortunately, Samsung’s method of integrating SwiftyKey’s technology with its own keyboard is what caused the vulnerability, and users of the SwiftKey app on non-Samsung devices shouldn’t worry.

Samsung will issue security policy update through Samsung Knox

Yesterday’s report indicated that carriers needed to release updates to fix the keyboard security flaw, but it appears Samsung can do it much quicker through Samsung Knox.

“Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security,” a Samsung spokesperson told us. “Samsung Knox has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days. In addition to the security policy update, we are also working with SwiftKey to address potential risks going forward.”

This is great news, but this leaves us wondering why Samsung didn’t use this method before.

A security researcher found the flaw in late 2014

Welton first discovered the flaw last year and subsequently notified Samsung in December 2014. Samsung immediately worked on a patch and sent updates to various carriers for devices running Android 4.2 or higher in March 2015. However, it’s unknown whether these patches have made their way to devices. Carriers are notorious for taking their time with updates due to their so-called rigorous testing for bugs.

Chances are very slim that a hacker who knows about this security flaw will be at your local Starbucks at the same exact time as you.

Unfortunately, there is no other fix because users can’t simply uninstall the Swift app — one of the not so joyous benefits of carrier bloatware. Users are still vulnerable even when Swift isn’t set as the default keyboard.

What’s even scarier about this vulnerability is it even affects the Galaxy S6, which was released in April. Welton detailed this security flaw earlier today at the Blackhat Security Summit in London. He stated that he was able to hack into a Galaxy S6 running on Verizon Wireless. “We can confirm that we have found the flaw still unpatched on the Galaxy S6 for the Verizon and Sprint networks, in off the shelf tests we did over the past couple of days,” a NowSecure spokesperson confirmed.

According to the NowSecure website, it’s likely that the Galaxy S4 Mini, Galaxy S4, Galaxy S5, and Galaxy S6 are all affected, but it’s unclear which carrier-specific models received updates. The site only mentions U.S. carriers, so we aren’t sure if owners of international variants need to be worried.

Now before everyone with a Samsung phone goes into a panic attack, we need to point out that chances are rare that your device will be attacked through this vulnerability. A hacker can only use this method via a public Wi-Fi network, like those found at a coffee shop, hotel, or other public spaces. More importantly, a hacker has to have knowledge of this exploit and has to be on the same network as you. Chances are very slim that a hacker who knows about this security flaw will be at your local Starbucks at the same exact time as you.

Nevertheless, a security flaw should never be taken lightly, so NowSecure recommends staying away from public Wi-Fi networks if you have one of these Samsung devices. That might be easier said then done, though, especially for those who are on capped data plans and don’t want to use their carrier’s mobile network all day. The other thing you can do is contact your carrier and demand that your phone gets updated with the patch if it hasn’t already.

Editors' Recommendations

Topics
Common Samsung Galaxy S10, S10 Plus, and S10e problems and how to fix them
Galaxy S10 Plus.

It's little wonder the Samsung Galaxy S10 range has proved so popular since its release in spring 2019. Comprising three models, the Galaxy S10 range boasts a hole-punch display, powerful hardware, and some outstandingly versatile camera tech.

But like all things in life, it's not perfect. Whether you're rocking the Samsung Galaxy S10, the super-sized Galaxy S10 Plus, or the cheaper (but still great) Galaxy S10e, you're likely to come across some problems and issues that make life with your chosen partner a little harder to handle. But don't worry, there are solutions to most issues, and we're here to dig them out so you can stop pulling your hair out. Here are some of the most common Samsung Galaxy S10, S10 Plus, and S10e problems, and how to fix them.
Issue: Apps crash or Force Close
A big issue that has plagued Galaxy S10 owners since launch has been a certain instability where apps are concerned. It seems that apps are prone to crashing or throwing up a Force Close error. This has happened with a big range of apps, and has even been reported after the Android 11 update. This isn't just an issue with the Galaxy S10, and other Galaxy smartphones have also showcased this error.
Solutions:

Read more
Samsung’s latest 5G mmWave test took place inside a speeding subway train
A subway train in New York City.

As part of the tech industry's ongoing effort to test its 5G network speeds under every set of circumstances imaginable, Samsung announced on Monday that it had successfully managed to attain 1.8Gbps Wi-Fi downlink speeds on the subway in Seoul, South Korea.

The test involved the use of a Samsung Galaxy S21 Ultra on a moving train, which circulated through five stations in the downtown Seoul area. Samsung had installed its 5G millimeter-wave (mmWave) Compact Macro access units along the railways, where they ran at 800Mhz in the 28GHz spectrum band.

Read more
The Samsung Galaxy Tab S7 FE 5G gets a U.S launch. Can it compete with the iPad?
samsung galaxy tab fe 5g us release price availability s7

The Samsung Galaxy Tab S7 FE 5G is finally getting a U.S. launch and price details after previously having been announced for other markets in May. The S7 FE is a new version of the Samsung Galaxy Tab S7 Plus. Like other “Fan Edition” devices like the Samsung Galaxy S20 FE, it acts as a more affordable, mid-range option next to Samsung’s premium lineup, but stands a step above the budget Galaxy Tab A series.

The Tab S7 FE 5G will be available starting August 5 for $669 directly from Samsung.com, AT&T, and Verizon. T-Mobile, U.S. Cellular, and other retailers will also get it in the following days. The 5G model will only come in Mystic Black, while the Wi-Fi version comes with various color options including black, silver, light green, and light pink.

Read more