Samsung's major security bug has been fixed

Samsung announces a fix for wide-reaching Galaxy keyboard exploit



Samsung has finally responded to a serious security bug affecting the keyboards on Galaxy smartphones and tablets. The security firm NowSecure revealed the exploit earlier this week, which gave hackers the ability to execute code on the devices. Today, Samsung announced that it's issuing a fix to its mobile security policies over the next few days. The company also emphasized that it didn't think the exploit was much of a threat, as the hacker had to be on an unsecured network with your phone. Also, the company's Knox security software offers kernel protection that prevents malicious code from running.
Samsung says most of its users have Knox enabled by default and that a new security policy prompt will apply the update automatically. The company is also working on issuing an expedited firmware update to protect devices that don't have Knox enabled already.

You can make sure your phone is ready to receive the security update by following Samsung's instructions below:

Go to Settings > Lock Screen and Security > Other Security Settings > Security policy updates, and make sure the Automatic Updates option is activated. At the same screen, the user may also click Check for updates to manually retrieve any new security policy updates.

So what happened? NowSecure stated that Samsung's implementation of SwiftKey's predictive keyboard left a major opening for an exploit. The firm also made it clear that the issue doesn't affect SwiftKey's standalone apps; it was entirely Samsung's fault, since it gave SwiftKey's keyboard privileged user status on all of its devices.

What makes it worse is that, according to TechCrunch, Samsung was warned about the exploit months ago by NowSecure. At the time, it told the security firm that a fix was already sent to carriers. But after NowSecure discovered Galaxy S6 phones from American carriers Verizon and Sprint were still vulnerable, it decided to announce the vulnerability at a hacker conference, forcing Samsung to respond.
