Security is increasingly becoming one of the most important factors for consumers when purchasing a new handset. This is not that surprising when you consider the amount of headlines that has been paid over the last year to attacks on devices, data breaches, leakage and malware. As the news repeatedly comes in, consumers become increasingly cautious of their data and manufacturers become increasingly interested in offering ways to protect your data. A prime example is the security emphasis which Google seems to have placed on their latest android update, Android 5.0 (Lollipop) and their next update, Android M.
Samsung is no different. The company has long been working on their Knox security suite, which is designed to offer users an additional level of security and safety. However, it is now emerging that many Samsung devices might have been suffering from a vulnerability, which could in turn lead to a device being compromised. The issue was brought to the attention at this year’s Blackhat conference by Ryan Welton from NowSecure, a mobile security specialist company. The vulnerability refers to the SwiftKey application which comes preinstalled on most Samsung devices. The short of the problem is as follows. SwiftKey routinely looks for language pack updates, however, the updates are looked for in plain text and not over encrypted channels. As a result, Welton was able to highlight how malicious updates could be sent to the device using this method. Furthermore, the malicious code could remain on the device, which in turn, could then be used to further attack the device or recover user’s data.
Now the actual issue with SwiftKey is not a new one, as it is reported that back in November of last year, Samsung had been made aware of the problem. Not to mention, that by the time the Galaxy S6 and S6 Edge had been unveiled, Samsung had also released a patch to fix the issue (for devices on Android 4.2 or higher). However, at the recent Black-hat event, Welton was able to show the vulnerability was still there and present on the Galaxy S6 and confirmed the vulnerability had been noted on devices running on both Verizon’s and Sprint’s network. Not to mention, a spokesperson for NowSecure stated that the vulnerability is likely to be still applicable to many Samsung devices, including both their flagship Galaxy S and Note ranges. On the positive side, it would seem that the vulnerability is most dangerous when the attacker is on the same network, therefore, the user can go someway to protecting their device by ensuring they only use trusted networks.