Over 600 million Samsung mobile device users are exposed by a flaw in the pre-installed SwiftKey keyboard. The keyboard checks for language pack updates over unencrypted connections, which leaves devices open to man-in-the-middle attacks: an attacker positioned on the network path can stand up a spoofed proxy server and push malicious updates to the device. SwiftKey ships as the default keyboard on many Samsung devices. Because the vulnerability lies in Samsung’s own code, Android users running SwiftKey on devices not made by Samsung are unaffected by this bug.
The vulnerability, discovered by the mobile security company NowSecure, allows an attacker to remotely execute code as a system user and gather personal data: contact information, text messages, and bank and credit card logins. An attacker can also eavesdrop on calls and remotely activate the phone’s camera, microphone, and GPS.
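The weakness described above is an update channel with no transport protection and no verification of what arrives. The following added example (not code from Samsung, SwiftKey or NowSecure) contrasts a client that applies whatever it fetches with a hardened client that requires HTTPS, authenticates the update manifest, and checks the pack's SHA-256 digest before applying it. The key, URLs and language pack bytes are constructed sample values; the manifest is authenticated with an HMAC so the example runs on the standard library alone, whereas a real vendor would use a public-key signature verified against a key pinned in the app.

```python
import hashlib
import hmac
import json
from urllib.parse import urlparse

# Constructed sample values (hypothetical, not from the article).
VENDOR_KEY = b"constructed-vendor-key"
GENUINE_PACK = b"en_US language model v1.2 (constructed sample)"
TAMPERED_PACK = b"en_US language model v1.2 (substituted in transit)"
HTTPS_URL = "https://updates.example.invalid/en_US.pack"
HTTP_URL = "http://updates.example.invalid/en_US.pack"


class UpdateRejected(Exception):
    """Raised by the hardened client when an update fails a check."""


def _encode(body: dict) -> bytes:
    # Canonical encoding so the tag covers exactly the fields we check.
    return json.dumps(body, sort_keys=True).encode()


def make_manifest(pack: bytes, url: str) -> dict:
    """Vendor side: publish the pack's digest and authenticate the manifest."""
    body = {"url": url, "sha256": hashlib.sha256(pack).hexdigest()}
    tag = hmac.new(VENDOR_KEY, _encode(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def insecure_apply(manifest: dict, pack: bytes) -> bool:
    # Mirrors the flaw in the article: any scheme, no authenticity or
    # integrity check, so a pack swapped by a proxy is applied as-is.
    return True


def hardened_apply(manifest: dict, pack: bytes) -> bool:
    body = manifest["body"]
    # 1. Transport: refuse to fetch language packs over plain HTTP.
    if urlparse(body["url"]).scheme != "https":
        raise UpdateRejected("update URL is not https")
    # 2. Authenticity: the manifest must carry a valid vendor tag.
    expected = hmac.new(VENDOR_KEY, _encode(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        raise UpdateRejected("manifest authentication failed")
    # 3. Integrity: the downloaded pack must match the authenticated digest.
    actual = hashlib.sha256(pack).hexdigest()
    if not hmac.compare_digest(actual, body["sha256"]):
        raise UpdateRejected("language pack digest mismatch")
    return True


def try_apply(apply_fn, manifest: dict, pack: bytes) -> bool:
    """Return True if the client would install the pack, False if rejected."""
    try:
        return apply_fn(manifest, pack)
    except UpdateRejected:
        return False


def run_checks() -> dict:
    """Exercise both clients against genuine and tampered deliveries."""
    good = make_manifest(GENUINE_PACK, HTTPS_URL)
    plain = make_manifest(GENUINE_PACK, HTTP_URL)
    # Manifest whose digest was rewritten to match the substituted pack
    # but whose tag was left unchanged: authentication must catch this.
    forged_body = dict(good["body"], sha256=hashlib.sha256(TAMPERED_PACK).hexdigest())
    forged = {"body": forged_body, "tag": good["tag"]}
    return {
        "insecure_accepts_tampered": try_apply(insecure_apply, good, TAMPERED_PACK),
        "hardened_accepts_genuine": try_apply(hardened_apply, good, GENUINE_PACK),
        "hardened_rejects_tampered": not try_apply(hardened_apply, good, TAMPERED_PACK),
        "hardened_rejects_http": not try_apply(hardened_apply, plain, GENUINE_PACK),
        "hardened_rejects_forged_manifest": not try_apply(hardened_apply, forged, TAMPERED_PACK),
    }


if __name__ == "__main__":
    for name, ok in run_checks().items():
        print(f"{name}: {ok}")
```

The three checks are independent on purpose: TLS alone would not have helped a device that trusts a spoofed proxy's certificate, and a digest alone is worthless if the manifest that carries it is not authenticated, which is why the forged-manifest case is the one a reviewer should look for in any update client.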
A SwiftKey spokesperson said the keyboard apps available via Google Play and Apple’s App Store are secure, but current Samsung users can’t fix the bug by downloading a new keyboard. The pre-installed SwiftKey keyboard checks for updates automatically, so Samsung users who use other keyboard apps are still vulnerable, and uninstalling or disabling the app does not remove the flaw either. The vulnerability can only be removed through a carrier-delivered upgrade, but Verizon and Sprint refused to comment on the issue. For the time being, Samsung users can reduce their exposure by avoiding insecure Wi-Fi networks, or even by switching to a different mobile device, and can ask their carriers for a timeline for patch updates to their devices.
NowSecure discovered the bug in November of last year and informed Samsung a month later, in December. Samsung requested three months to fix the issue and released a patch to one carrier network in March. Despite this, devices ranging from the Galaxy S3 to the S6, as well as the Galaxy Note 3 and 4, are still vulnerable; even the recently released Galaxy S6 on Verizon and Sprint remains affected. It is unclear what Samsung’s plans are for delivering patches to devices going forward. Samsung devices that ship with the KNOX security platform by default offer kernel protection that prevents malicious code from running. Users with KNOX will receive security updates; for users without KNOX, Samsung is working on a firmware update.
This flaw demonstrates how technology companies need to stay on top of patch updates to keep their customers secure. Even though six months have passed since the bug was first brought to Samsung’s attention, it hasn’t been patched, and consumers are angry that they’ve been left exposed for half a year.
To prevent vulnerabilities from going unnoticed, enterprise organizations can use Promisec Endpoint Manager (PEM), an agentless solution that inspects every aspect of endpoint assets. Most organizations have invested heavily in solutions that decrease the risk of viruses and cyber attacks. Yet risk still remains from security agents that are disabled or missing, and from software patches and licenses that are outdated or expired; these go unnoticed or, even worse, are not prioritized highly enough to be resolved in a timely manner.
By incorporating organizational security policies, PEM can immediately indicate when systems are no longer compliant with corporate security standards, and can remediate compliance problems immediately. Best-practice standards such as NIST, CIS Benchmarks, DISA STIGs and Active Directory group policies can be loaded directly into PEM, allowing IT security personnel to quickly identify vulnerabilities and accurately gauge overall endpoint risk. PEM also provides detailed reports with actionable information. With PEM continuously monitoring for vulnerabilities, companies can roll out the patch updates needed to keep their customers secure.