Samsung announces fix for Galaxy keyboard vulnerability
We reported on Wednesday that a flaw in the pre-installed SwiftKey keyboard software could put millions of Galaxy devices at risk.
Samsung has moved fast to reassure users and has announced that it's preparing a fix which will be pushed out to devices in the next few days. In addition to the update the company says it will continue to work with third-parties like SwiftKey to address risks in future.
In its official statement the company is at pains to point out that the likelihood of an attack successfully exploiting the vulnerability is low. It says, "This vulnerability, as noted by the researchers, requires a very specific set of conditions for a hacker to be able to exploit a device this way. This includes the user and the hacker physically being on the same unprotected network while downloading a language update. Also, on a KNOX-protected device there are additional capabilities in place such as real-time kernel protection to prevent a malicious attack from being effective".
The update will be rolled out via the KNOX security platform which is installed on all models since the Galaxy S4. To make sure you can receive the update you need to go to Settings > Lock Screen and Security > Other Security Settings > Security policy updates, and make sure that the Automatic Updates option is activated. On the same screen, you can also click Check for updates to manually retrieve any new security policy updates.
For devices that don't have KNOX by default Samsung says it's working on expediting a firmware update that will be available once testing and approval is complete.
If you have a Samsung smartphone make sure that it's properly configured to receive the update.