Image

Image

This vulnerability, as noted by the researchers, requires a very specific set of conditions for a hacker to be able to exploit a device this way. This includes the user and the hacker physically being on the same unprotected network while downloading a language update. Also, on a KNOX-protected device there are additional capabilities in place such as real-time kernel protection to prevent a malicious attack from being effective. So the likelihood of making a successful attack, exploiting this vulnerability is low. There have been no reported customer cases of Galaxy devices being compromised through these keyboard updates. But as the reports indicate, the risk does exist and Samsung will roll out a security policy update in the coming days.To receive the security update, you need to be running the KNOX security platform, which has been installed on all flagship Samsung phones since the Galaxy S4. To ensure that you receive the security update, go to Settings > Lock Screen and Security > Other Security Settings > Security policy updates, and check that the Automatic Updates option is activated. You can also manually check for updates on the same screen. Of course, this raises the question of what you should do if your Samsung Android phone has the SwiftKey keyboard pre-installed but doesn't have the additional security provided through KNOX. Samsung says that for those users it is "working on an expedited firmware update that will be available upon completion of all testing and approvals." Unfortunately, whether you receive that firmware update will rather depend on your carrier's willingness to push it out - a perennial problem for many Android users. Samsung hardly has an unblemished record when it comes to security issues with its devices. Backdoors have been found on its Android devices, its fingerprint login system has been bypassed, its online store has been found vulnerable to a bug that could allow hackers to hijack accounts, and its smart TVs have been accused of capturing private conversations and passing them to third parties. Whether their response to this latest security scare has been timely enough is up for debate, but now that a fix is in the works, Samsung customers would be wise to ensure that they have properly configured their Android devices to receive this and future security updates.