Samsung has responded to reports that a flaw in its keyboard software leaves Galaxy-branded smartphones open to attack.
Specifically, a security firm called NowSecure discovered that language packs for the keyboard are updated through a plain-text, unencrypted connection. NowSecure says the problem is severe enough that it could let hackers access sensors and resources, such as the GPS radio, camera, or microphone; install malicious apps; tamper with how apps work; eavesdrop on communications; and access sensitive personal data.
“Samsung takes emerging security threats very seriously,” said the company in a statement. “We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security. Samsung Knox has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days.”
The problem stems from the use of SwiftKey’s SDK.
“In addition to the security policy update, we are also working with SwiftKey to address potential risks going forward.”
SwiftKey said its own apps do not pose any risk to consumers. The issue affects devices as far back as the Galaxy S4.