Samsung Says SwiftKey Keyboard Security Flaw Patch Coming in a Few Days

Soon after a report claiming that several Galaxy models were plagued with a keyboard security flaw, Samsung has revealed that it is working on a patch for its devices which will start rolling out in a few days. Notably, Samsung has confirmed that it will make use of its Samsung Knox security suite to fix the keyboard security flaw that was alleged to allow an attacker to remotely execute code as a system user on Galaxy devices.In a statement, Samsung told Android Central, “Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security. Samsung Knox has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerability caused by this issue.”Samsung without giving any exact release date for the Samsung Knox’s updated security policy confirmed that it will start rolling out in a few days.

“In addition to the security policy update, we are also working with SwiftKey to address potential risks going forward,” said Samsung.

According to a report by mobile security company NowSecure, the SwiftKey keyboard flaw could allow an attacker to remotely access sensors (including features such as GPS, camera, and microphone); secretly install malicious app without the user knowing and fiddle with how other apps function, or how the smartphone works. The security flaw could also allow an attacker to eavesdrop on incoming/ outgoing messages or voice calls while could allow access to personal data such as images and text messages.

SwiftKey in an emailed statement to NDTV Gadgets defended itself, saying the SwiftKey app available on Google Play and App Store had no such security flaw. The company added that while SwiftKey supplied Samsung with the ‘core technology’ to power word predictions on its keyboards, it “appears the way this technology was integrated on Samsung devices introduced the security vulnerability.” SwiftKey said it is working with “long-time partner” Samsung to resolve the issue.

The statement added that the vulnerability was difficult to exploit, and only possible if the Samsung device user is connected to a compromised network (such as a spoofed public Wi-Fi network) and the device was undergoing a language update at the same time.