Information Regarding the Keyboard Security Issue and Our Device Policy Update
Samsung takes all security threats very seriously. There have been reports that there is a vulnerability when keyboard updates are carried out on Galaxy devices. We are aware of this issue and are committed to providing the latest in security on all of our devices.
This vulnerability, as noted by the researchers, requires a very specific set of conditions for a hacker to be able to exploit a device this way. This includes the user and the hacker physically being on the same unprotected network while downloading a language update. Also, on a KNOX-protected device there are additional capabilities in place such as real-time kernel protection to prevent a malicious attack from being effective.
So the likelihood of a successful attack exploiting this vulnerability is low. There have been no reported customer cases of Galaxy devices being compromised through these keyboard updates.* But as the reports indicate, the risk does exist and Samsung will roll out a security policy update in the coming days.
In addition to the security policy update, we will continue to work with related parties such as SwiftKey to address potential risks going forward.
The security policy updates will begin rolling out in the coming days
All flagship models since Galaxy S4 have the KNOX security platform installed and have the KNOX platform protection enabled when you turn the device on. One of these protections is Security Enhancements (SE) for Android which enforces a number of mandatory security settings on the device.
Samsung KNOX has the capability to update the security policies of our devices, over-the-air, to invalidate potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days.
Make sure your device automatically receives security policy updates
The security policy update will be pushed to the user. The user must agree to receive the security policy update. To ensure your device receives the latest security updates, go to Settings > Lock Screen and Security > Other Security Settings > Security policy updates, and make sure the Automatic Updates option is activated. At the same screen, the user may also click Check for updates to manually retrieve any new security policy updates.**
For the devices that don’t come with KNOX by default, we are currently working on an expedited firmware update that will be available upon completion of all testing and approvals.***
* As of June 16, 2015 (Suwon, Korea), when the issue was first publicly reported
** Exact menu path may vary by model
*** Availability and schedule may vary by factors including, but not limited to, model, region and service carrier