Soon after a report claiming that several Galaxy models were
plagued with a keyboard security flaw, Samsung has revealed that it is working
on a patch for its devices which will start rolling out in a few days. Notably,
Samsung has confirmed that it will make use of its Samsung Knox security suite
to fix the keyboard security flaw that was alleged to allow an attacker to
remotely execute code as a system user on Galaxy devices.
In a statement, Samsung told Android Central, "Samsung
takes emerging security threats very seriously. We are aware of the recent
issue reported by several media outlets and are committed to providing the
latest in mobile security. Samsung Knox has the capability to update the security
policy of the phones, over-the-air, to invalidate any potential vulnerability
caused by this issue."
Samsung without giving any exact release date for the
Samsung Knox's updated security policy confirmed that it will start rolling out
in a few days.
"In addition to the security policy update, we are also
working with SwiftKey to address potential risks going forward," said
Samsung.
According to a report by mobile security company NowSecure,
the SwiftKey keyboard flaw could allow an attacker to remotely access sensors
(including features such as GPS, camera, and microphone); secretly install
malicious app without the user knowing and fiddle with how other apps function,
or how the smartphone works. The security flaw could also allow an attacker to
eavesdrop on incoming/ outgoing messages or voice calls while could allow
access to personal data such as images and text messages.
SwiftKey in an emailed statement to NDTV Gadgets defended
itself, saying the SwiftKey app available on Google Play and App Store had no
such security flaw. The company added that while SwiftKey supplied Samsung with
the 'core technology' to power word predictions on its keyboards, it
"appears the way this technology was integrated on Samsung devices
introduced the security vulnerability." SwiftKey said it is working with
"long-time partner" Samsung to resolve the issue.
The statement added that the vulnerability was difficult to
exploit, and only possible if the Samsung device user is connected to a
compromised network (such as a spoofed public Wi-Fi network) and the device was
undergoing a language update at the same time.
Source From:- http://gadgets.ndtv.com/
0 comments:
Post a Comment