Yesterday, we were all shocked (and a little bit scared, just a little bit) to find out about a vulnerability in Samsung phones that hackers can take advantage off. This is specifically through the SwiftKey keyboard app that is pre-installed in over 600 million Samsung phones. Today both Samsung and SwiftKey have made statements dealing with this issue, although Samsung might not have been happy with SwiftKey’s response.
Samsung, in typical PR style, has pointed to one of its products as the possible solution to the issue. The Korean gadget company said, “Samsung KNOX has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days.” To be fair, KNOX is beautifully positioned to address situations like this one. But bad luck for those who rooted their phones and tripped/invalidated KNOX.
SwiftKey, in a blog statement that has since been taken down, basically said that the SwiftKey keyboard app is just the app that they have provided for Samsung as one of its tech partners. The vulnerability is not the fault of the app – it is with the way Samsung has programmed its system to grant privileges to the app. The blog post has been taken down, but we’re sourcing Google’s web cache for that one (see below).
For Samsung models that come with KNOX installed, an update will be rolling out in the next few days. You have to make sure the security update setting are enabled. To check the setting,
1. Go To Settings > Lock Screen and Security > Other Security Settings > Security policy updates
2. Automatic Updates option should be checked and enabled
And how about those units which do not have Samsung KNOX pre-installed? Samsung plans to patch the security issue by firmware update. We’ll have to see how soon Samsung rolls them updates out.