Samsung Rolling Out Security Update To Fix Keyboard Vulnerability That Affects Up To 600M Galaxy Phones
In an official statement posted last night, Samsung says that while it’s aware of the vulnerability of keyboard updates on Galaxy devices and that it takes all security threats very seriously, the likelihood of a bad actor making a successful attack and exploiting that vulnerability is low.
“This vulnerability, as noted by the researchers, requires a very specific set of conditions for a hacker to be able to exploit a device this way,” Samsung says. “This includes the user and the hacker physically being on the same unprotected network while downloading a language update. Also, on a KNOX-protected device there are additional capabilities in place such as real-time kernel protection to prevent a malicious attack from being effective.”
The company adds that there haven’t been any reports thus far of Galaxy devices being compromised through the keyboard updates, as of June 15. But because a real risk does exit, Samsung’s security policy update will be coming forthwith.
“In addition to the security policy update, we will continue to work with related parties such as SwiftKey to address potential risks going forward,” Samsung says.
Samsung advises users to make sure their devices automatically receive security policy updates, as it will be pushed to the user and require them to accept it.
To ensure your device receives the latest security updates, go to Settings > Lock Screen and Security > Other Security Settings > Security policy updates, and make sure the Automatic Updates option is activated. At the same screen, the user may also click “Check for updates” to manually retrieve any new security policy updates.
Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.