In a blog post, Samsung said, "Samsung takes all security threats very seriously. There have been reports that there is vulnerability when keyboard updates are carried out on Galaxy devices. We are aware of this issue and are committed to providing the latest in security on all of our devices."
"Samsung Knox has the capability to update the security policies of our devices, over-the-air, to invalidate potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days," the firm added.
Samsung explains that all flagship models since Galaxy S4 have the Knox security platform installed, but added that it is working on an expedited firmware update for devices that don't come with Knox by default. It will be made available upon "completion of all testing and approvals."
For users with devices featuring Knox, Samsung recommends making sure their devices are ready to receive the security policy update. "To ensure your device receives the latest security updates, go to Settings > Lock Screen and Security > Other Security Settings > Security policy updates, and make sure the Automatic Updates option is activated. At the same screen, the user may also click Check for updates to manually retrieve any new security policy updates."
According to a report by mobile security company NowSecure, the SwiftKey keyboard flaw could allow an attacker to remotely access sensors (including features such as GPS, camera, and microphone); secretly install malicious app without the user knowing and fiddle with how other apps function, or how the smartphone works. The security flaw could also allow an attacker to eavesdrop on incoming/ outgoing messages or voice calls while could allow access to personal data such as images and text messages.
SwiftKey in an emailed statement to NDTV Gadgets defended itself, saying the SwiftKey app available on Google Play and App Store had no such security flaw. The company added that while SwiftKey supplied Samsung with the 'core technology' to power word predictions on its keyboards, it "appears the way this technology was integrated on Samsung devices introduced the security vulnerability." SwiftKey said it is working with "long-time partner" Samsung to resolve the issue.
The statement added that the vulnerability was difficult to exploit, and only possible if the Samsung device user is connected to a compromised network (such as a spoofed public Wi-Fi network) and the device was undergoing a language update at the same time.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.