Samsung calls on Knox to address keyboard security risk

Yesterday we learned about a potentially nasty situation brewing with the software on many Samsung Androids, as a vulnerability discovered in the SwiftKey-designed keyboard such phones shipped with could present an attacker with the opportunity to sneak some malicious code onto the handsets. And despite the security researchers having notified Samsung late last year, it wasn’t clear just which, if any phones had been patched to address the issue. We asked Samsung just what was going on in its efforts to patch the hole, and today the company’s issued a statement explaining what it’s up to.

From the sound of things, while the vulnerability hasn’t been fixed just yet, it’s going to be very soon. As the company explains, “Samsung Knox has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days.”

Rather than issuing a full firmware update that could involve weeks of testing for each model, not to mention delays caused by carrier approval, the Knox security subsystem on Samsung phones gives the manufacturer a quick way to address situations just like this one. When that Knox policy update arrives in the next few days, Samsung phones should find themselves secure against this keyboard-software attack.

Samsung continues with its statement, “In addition to the security policy update, we are also working with Swiftkey to address potential risks going forward.” Sounds like a smart move to us.

Source: Samsung

Discuss This Post

Share This Post

Watch the Latest Pocketnow Videos

About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits Read more about Stephen Schenck!