• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Write for Us
  • Contact
  • Advertise
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Do Not Sell My Personal Information
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

Swift keyboard on Samsung devices exposes users to remote attacks

Updated on Jun 21, 2015 by Guest Authors

The problem with built-in apps in mobile devices comes forth when a security hole associated with it presents a real threat to the users.

That is what is happening with the Swift keyboard, a mobile app pre-loaded onto Samsung handsets by default. Researchers from NowSecure have reported that at least 600 million Samsung devices run the potential risk of exposing users to remote attacks as the keyboard’s update mechanism is found to contain some sort of vulnerabilities.

swift-keyboards

The vulnerability has come into existence due to Samsung’s own shortcomings. The company’s method of delivering over the air updates, or OTA, gives the Swift keyboard access to user data. The threat could come in the form of a man-in-the-middle attack via a local WiFi network.

Some of the devices that could have been potentially exposed to this risk include the Samsung Galaxy S5 and Galaxy S4.

One security malpractice that led to this vulnerability is the use of the HTTP protocol instead of HTTPS in the network through which Samsung signs the OTA update for Swift keyboard. As a result, attackers will be able to gain access to the update and insert a malware or take control of the tools that come with it. Furthermore, the attacker can then view email, contact and other sensitive data owned by the user.

Meanwhile, Samsung claims it has already moved to patch the security flaw by first sending fixes to the Android 4.2 version and earlier iterations. Then it said it has also sent updates to carriers and also fixed the issue with the Galaxy S6. However, NowSecure researchers maintain that it has still seen the vulnerability in new Galaxy S6 devices sold in the market.

What makes the situation a little bit tragicomic is that the keyboard app continues to request updates from Samsung and the Korean tech giant remains oblivious to the existence of the threat. The research findings also point to the fact that the vulnerable update mechanism comes into play only on system reboot or within a few hours on a periodic basis. That means the exploit takes effect on a potential victim when that user is within the untrusted network within the period during which the vulnerable mechanism takes place.

As stated above, what makes this vulnerability hard to avoid is the fact that pre-installed apps such as Swift would never be removed from Samsung devices, unless y our handset is rooted. And even if you choose not to use it, the keyboard app still runs in the background.

Samsung can only deliver a real fix to this issue in order to address the vulnerabilities that now threaten hundreds of millions of devices.

Disclosure: As an Amazon Associate, I earn from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

Keychron K4 Wireless Mechanical Keyboard Review – The Biggest & The Best?

Keychron K6 Wireless Mechanical Keyboard Review – Nice Balance Between Design and Function

AuthenTrend AT.Wallet Fingerprint Cryptocurrency Wallet Review – The Coolest One You Can Buy

Yeedi K650 Robot Vacuum Review – A Good Basic Vacuum

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • Samsung Galaxy S21 Ultra Model Number SM-G998* Differences
  • Samsung Galaxy S21+ 5G Model Number SM-G996* Differences
  • Samsung Galaxy S21 5G Model Number SM-G991* Differences
  • How to Read and Write to NTFS Drives on Apple M1 Mac?

Copyright © 2021 · All Rights Reserved