The problem with apps built into mobile devices surfaces when a security hole in one of them poses a real threat to users.
That is what is happening with the Swift keyboard, a mobile app pre-loaded onto Samsung handsets by default. Researchers from NowSecure have reported that at least 600 million Samsung devices are potentially exposed to remote attacks because the keyboard’s update mechanism has been found to contain vulnerabilities.
The vulnerability has come into existence due to Samsung’s own shortcomings. The company’s method of delivering over the air updates, or OTA, gives the Swift keyboard access to user data. The threat could come in the form of a man-in-the-middle attack via a local WiFi network.
Some of the devices that could have been potentially exposed to this risk include the Samsung Galaxy S5 and Galaxy S4.
One security malpractice that led to this vulnerability is the use of plain HTTP instead of HTTPS for the channel over which Samsung signs and delivers the OTA update for the Swift keyboard. As a result, an attacker on the same network can intercept the update and inject malware or take control of the tools bundled with it. From there, the attacker can view email, contacts and other sensitive data belonging to the user.
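The two controls whose absence the paragraph above describes are an authenticated transport and a signature check before anything is installed. The following Go program is an added illustration of both, not code from Samsung or NowSecure; the update URL, the Ed25519 key pair and the payload bytes are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"net/url"
)

var ErrInsecureTransport = errors.New("update URL must use https")
var ErrBadSignature = errors.New("update signature does not verify")

// CheckUpdateURL refuses plaintext HTTP endpoints, the transport weakness
// that lets a man-in-the-middle on local WiFi rewrite the update in flight.
func CheckUpdateURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "https" {
		return ErrInsecureTransport
	}
	return nil
}

// VerifyUpdate checks a detached Ed25519 signature over the payload against a
// pinned vendor public key and returns the payload only when it verifies.
func VerifyUpdate(pub ed25519.PublicKey, payload, sig []byte) ([]byte, error) {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, payload, sig) {
		return nil, ErrBadSignature
	}
	return payload, nil
}

// demoTamper simulates the in-transit modification: the genuine signed update
// verifies, a copy with one flipped byte (the "attacker's" version) does not.
func demoTamper() (genuineOK bool, tamperedOK bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed vendor key
	if err != nil {
		panic(err)
	}
	update := []byte("keyboard-langpack-v2 (constructed sample payload)")
	sig := ed25519.Sign(priv, update)
	_, err = VerifyUpdate(pub, update, sig)
	genuineOK = err == nil
	tampered := append([]byte(nil), update...)
	tampered[0] ^= 0x01
	_, err = VerifyUpdate(pub, tampered, sig)
	tamperedOK = err == nil
	return genuineOK, tamperedOK
}

func main() {
	fmt.Println(CheckUpdateURL("http://updates.example/keyboard.zip"))
	fmt.Println(demoTamper())
}
```

A device that performs both checks would have discarded a modified update even on a hostile network; the signature check alone would have caught the modification, and the HTTPS requirement would have prevented the interception in the first place.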
Meanwhile, Samsung claims it has already moved to patch the security flaw, first by sending fixes for Android 4.2 and earlier versions. It then said it has also sent updates to carriers and fixed the issue on the Galaxy S6. However, NowSecure researchers maintain that they have still seen the vulnerability in new Galaxy S6 devices sold in the market.
What makes the situation a little tragicomic is that the keyboard app continues to request updates from Samsung while the Korean tech giant remains oblivious to the existence of the threat. The research findings also show that the vulnerable update mechanism runs only on system reboot or periodically, every few hours. That means an attack can only succeed when the victim is on the untrusted network during one of those update windows.
As stated above, what makes this vulnerability hard to avoid is that pre-installed apps such as Swift cannot be removed from Samsung devices unless your handset is rooted. And even if you choose not to use it, the keyboard app still runs in the background.
Only a real fix from Samsung can address the vulnerabilities that now threaten hundreds of millions of devices.