Many Samsung smartphone users thought the South Korean conglomerate had them covered, but the keyboard crack proved them wrong.
For all that has occurred during the last couple of years, many Samsung Galaxy (OTCMKTS: SSNLF) customers had thought that the smartphone manufacture had them covered when it comes to security, in particular encryption. Unfortunately, all those claims disappeared into thin air, when an issue arose of a crack in the default keyboard in around 600 million Samsung mobile phones.
Ryan Walton from NowSecure, mobile security specialists, unraveled the problem. He did not twisted his words when it blatantly came out with a problem: In plain text, the SwiftKey keyboard, installed in most Samsung phones, looked for pack updates over unencrypted lines, which meant that it was possible for Welton to develop a spoofy proxy server and send malicious security updates to the affected devices.
If it had been left in even more malicious hands, it could give privileges to the attacker and allow tapping of contact data, text messages, bank logins, as well as more information that is deemed private to the user.
The warning was issued to Samsung late last year in November, Samsung had told NowSecure then that it was now working on a patch, and once they made it, were able to deliver it to the carrier networks in early March this year for Android 4.2 and above.
NowSecure’s CEO, Andrew Hogg, says that he still felt that Samsung’s devices were still vulnerable and the flaw had affected the majority of Android devices such as the S3, S4, S5, and Galaxy Note 3 and 4.
A SwiftKey spokesperson confirmed reports that the security concerns relating to the Samsung keyboard existed and the keyboards apps available through Google Play or Apple Store were not entirely affected. The matter is further under investigating.
With the same breath though, the spokesperson also urged customers not to assume that they can simply download a fresh version of their security software from either of the two stores, since they still require a carrier upgrade so that the vulnerability can be properly removed.
Users are reported to having trouble in uninstalling their keyboards, even when it is not a default keyboard, and is still open to further exploitation, so Welton has advised users to be careful as to which carriers they are using and contact the company regarding the vulnerability risk.
While Samsung has not responded to the crisis that has unfolded, the one ‘face saving’ for the South Korean manufacturer is that the attacker is yet to find a way onto the same network before it can exploit the bug.
Samsung stock price ended the day at $1200.
For all that has occurred during the last couple of years, many Samsung Galaxy (OTCMKTS: SSNLF) customers had thought that the smartphone manufacture had them covered when it comes to security, in particular encryption. Unfortunately, all those claims disappeared into thin air, when an issue arose of a crack in the default keyboard in around 600 million Samsung mobile phones.
Ryan Walton from NowSecure, mobile security specialists, unraveled the problem. He did not twisted his words when it blatantly came out with a problem: In plain text, the SwiftKey keyboard, installed in most Samsung phones, looked for pack updates over unencrypted lines, which meant that it was possible for Welton to develop a spoofy proxy server and send malicious security updates to the affected devices.
If it had been left in even more malicious hands, it could give privileges to the attacker and allow tapping of contact data, text messages, bank logins, as well as more information that is deemed private to the user.
The warning was issued to Samsung late last year in November, Samsung had told NowSecure then that it was now working on a patch, and once they made it, were able to deliver it to the carrier networks in early March this year for Android 4.2 and above.
NowSecure’s CEO, Andrew Hogg, says that he still felt that Samsung’s devices were still vulnerable and the flaw had affected the majority of Android devices such as the S3, S4, S5, and Galaxy Note 3 and 4.
A SwiftKey spokesperson confirmed reports that the security concerns relating to the Samsung keyboard existed and the keyboards apps available through Google Play or Apple Store were not entirely affected. The matter is further under investigating.
With the same breath though, the spokesperson also urged customers not to assume that they can simply download a fresh version of their security software from either of the two stores, since they still require a carrier upgrade so that the vulnerability can be properly removed.
Users are reported to having trouble in uninstalling their keyboards, even when it is not a default keyboard, and is still open to further exploitation, so Welton has advised users to be careful as to which carriers they are using and contact the company regarding the vulnerability risk.
While Samsung has not responded to the crisis that has unfolded, the one ‘face saving’ for the South Korean manufacturer is that the attacker is yet to find a way onto the same network before it can exploit the bug.
Samsung stock price ended the day at $1200.