Samsung to roll out security patch for keyboard vulnerability

Samsung has announced it is getting ready to fix a bug affecting 600 million Galaxy smartphones that can expose the user to a remote code execution attack.

The vulnerability, which was exposed by security firm NowSecure on 17 June, allows a hacker to access the handset as a system user - one of the highest privilege levels - via the pre-installed, third-party SwiftKey SDK word prediction software, either on reboot or when the app updates. The attacker can then snoop on the victim by reading text messages or even activating the camera.

According to NowSecure, the attack vector is open even if the default keyboard is not SwiftKey.

The organisation claims it told Samsung of the vulnerability in November last year, but decided to go public this week after the hardware maker failed to act on the information.

For its part, Samsung has played down the likelihood of an attack.

"This vulnerability, as noted by the researchers, requires a very specific set of conditions for a hacker to exploit the device this way," the company said. Nevertheless, it is rolling out a security patch over the course of the next few days to combat the issue.

"In addition to the security policy update, we will continue to work with related parties such as SwiftKey to address potential risks going forward," Samsung added.

While waiting for the update to arrive, the company has advised owners of Galaxy S4, S5, S6 and S6 Edge handsets to turn on the pre-installed KNOX security platform, which can mitigate the threat.

Those who own a Galaxy S3 or a non-flagship phone, though, do not have this option and, it would seem, may have to wait longer to receive a patch, which will eventually come in the shape of a firmware update.

Tod Beardsley, engineering manager at security firm Rapid7, has commended Samsung for acting quickly following the public revelation of the problem, stating: "Given the unlikely nature of the attack, it's good to see that Samsung is taking this exposure seriously."

"I imagine a proper operating system patch will be released in the coming weeks and months for everyone ... [and] in the meantime users should be aware of the networks they habitually connect to, routinely remove 'remembered' networks they don't often use, and ensure that they reboot their Samsung devices only while associated to networks they normally trust," he added.

Jane McCallion
Deputy Editor

Jane McCallion is ITPro's deputy editor, specializing in cloud computing, cyber security, data centers and enterprise IT infrastructure. Before becoming Deputy Editor, she held the role of Features Editor, managing a pool of freelance and internal writers, while continuing to specialise in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.