Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Mobile

    Samsung Fixing Keyboard Software Flaw in Galaxy Phones

    By
    Todd R. Weiss
    -
    June 19, 2015
    Share
    Facebook
    Twitter
    Linkedin
      Samsung Galaxy

      Samsung says it is working on a fix for a potential security vulnerability found in the keyboard app of its Galaxy line of smartphones and expects to roll out a security policy update in the next few days.

      The company announced the coming fix in a June 18 post on the Samsung Tomorrow Blog and said that no customers had reported any device attacks due to the issue as of June 16, when reports about the issue began to surface.

      “Samsung takes all security threats very seriously,” the company said in its post. “There have been reports that there is a vulnerability when keyboard updates are carried out on Galaxy devices. We are aware of this issue and are committed to providing the latest in security on all of our devices.”

      The vulnerability, known as CVE-2015-2865, was first reported by security firm NowSecure. NowSecure published a detailed technical analysis on the issue, which is a flaw in how the Swiftkey keyboard app validates language pack updates. The Swiftkey keyboard is installed by default in Samsung’s Galaxy phones.

      According to NowSecure, Swiftkey periodically checks by design for language pack updates over HTTP. “By intercepting such requests and modifying the necessary fields, an attacker can write arbitrary data to vulnerable devices,” according to an alert about the issue.

      Some 600 million Galaxy devices could be affected by the reported vulnerability, according to NowSecure.

      Samsung said in its blog post that the vulnerability requires a very specific set of conditions for a hacker to be able to exploit a device, including that the phone user and the hacker have to be on the same unprotected network while downloading a language update. Samsung also said that its flagship Galaxy smartphones since the Galaxy S4 have the KNOX security platform installed and enabled and that it provides additional capabilities such as real-time kernel protection that can prevent a malicious attack from being effective.

      Samsung said “the likelihood of making a successful attack [and] exploiting this vulnerability is low,” but that it will soon unveil a security policy update to correct it. “In addition to the security policy update, we will continue to work with related parties, such as SwiftKey, to address potential risks going forward,” the company said in the post. “Samsung KNOX has the capability to update the security policies of our devices, over-the-air, to invalidate potential vulnerabilities caused by this issue.”

      When the updates are completed and made available, they will be automatically pushed out to Galaxy smartphone users, according to Samsung. The users, however, must agree to receive the security policy update on their phones for it to be installed.

      To ensure that this occurs, Samsung is asking Galaxy phone users to check their phone’s settings to be sure that their devices are set to accept automatic updates. Users can go to Settings > Lock Screen and Security > Other Security Settings > Security policy updates where they can then confirm that the Automatic Updates option is activated. At the same screen, the user may also click Check for updates to manually retrieve any new security policy updates.

      Samsung said it is also working on an expedited firmware update to address the vulnerability on earlier Galaxy devices that don’t come with KNOX by default. That update will be announced when it is ready, according to the company.

      NowSecure said that if an attacker exploits the SwiftKey flaw, they could access the phone’s camera, secretly install apps and access user data. NowSecure said it informed Samsung of the issue in December 2014, giving the company plenty of time to resolve the issue.

      Todd R. Weiss
      As a technology journalist covering enterprise IT for more than 15 years, I joined eWEEK.com in September 2014 as the site's senior writer covering all things mobile. I write about smartphones, tablets, laptops, assorted mobile gadgets and services,mobile carriers and much more. I formerly was a staff writer for Computerworld.com from 2000 to 2008 and previously wrote for daily newspapers in eastern Pennsylvania. I'm an avid traveler, motorcyclist, technology lover, cook, reader, tinkerer and mechanic. I drove a yellow taxicab in college and collect toy taxis and taxi business cards from around the world.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×