Top Menu

Samsung Keyboard Security Risk – Galaxy S4, S5 and S6 (Updates!)

Samsung Keyboard has a security risk. The problem?

Over 600 million Samsung mobile device users have been affected by a significant security risk on leading Samsung models, including the recently released Galaxy S6. The risk comes from a pre-installed keyboard that allows an attacker to remotely execute code as a privileged (system) user.

If the flaw in the keyboard is exploited, an attacker could remotely:

  1. Access sensors and resources like GPS, camera and microphone
  2. Secretly install malicious app(s) without the user knowing
  3. Tamper with how other apps work or how the phone works
  4. Eavesdrop on incoming/outgoing messages or voice calls
  5. Attempt to access sensitive personal data like pictures and text messages

This flaw was uncovered by NowSecure mobile security researcher Ryan Welton. There is nothing you can do now because Samsung won’t allow you to uninstall or remove the keyboard app. What you can do is make sure your phone has the latest updates from Samsung and enable automatic update. Usually it’s in Settings -> About Device -> Software Update. If you not sure how get a friend or colleague to help you look at it.

More info at https://www.nowsecure.com/keyboard-vulnerability/.

Updates – 19 June 2015

Samsung has responded to this keyboard security issue. They are aware of this and will provide an update on all of their devices “in a few days”.

Samsung also suggested users to turn on KNOX. It helps you to securely separate your personal and professional data. And KNOX has a Security Enhancements (SE) for Android which enforces a number of mandatory security settings on the device. Get more info on KNOX here http://www.samsung.com/au/support/skp/faq/1040237.

As well as turning KNOX, Samsung also asked users to set your device automatically receives security policy updates.

Make sure your device automatically receives security policy updates

The security policy update will be pushed to the user. The user must agree to receive the security policy update. To ensure your device receives the latest security updates, go to Settings > Lock Screen and Security > Other Security Settings > Security policy updates, and make sure the Automatic Updates option is activated. At the same screen, the user may also click Check for updates to manually retrieve any new security policy updates.

Lastly Samsung will continue to work with related parties such as SwiftKey to address potential risks going forward. All good Samsung. Hope everyone gets the update soon!

From Samsung blog http://global.samsungtomorrow.com/information-regarding-the-keyboard-security-issue-and-our-device-policy-update/.

Related Post

, , , , , , , ,