Samsung will update the security software on its Galaxy smartphones to address a flaw that researchers warned could let attackers access people’s devices.
On Thursday, Samsung said it would issue a fix that would roll out over the coming days to owners of the Galaxy S4, released in 2013, and later models. Welton said the company began issuing patches to mobile providers at the start of 2015, though “it is unknown if the carriers have provided the patch to the devices on their network”. Still, this isn’t the sort of exploit any company can ignore, especially when a research firm has already detailed exactly how it works. “Samsung Knox has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue”.
According to the researcher the way Samsung installs Swift onto its phones means that it runs as a system user, “a notch short of being root”, which has complete control over a computer or smartphone.
Thanks to publicity surrounding a vulnerability found in the way Samsung updates its language packs on the stock keyboard app, powered by SwiftKey, a fix is incoming for those who find tinfoil hats fashionable.
SwiftKey, which predicts words and emoticons when a user is typing, comes with many Samsung devices and can also be downloaded at Google and Apple online stores. But after NowSecure discovered Galaxy S6 phones from Verizon and Sprint were still vulnerable, it decided to announce the vulnerability at a hacker conference, forcing Samsung to respond.
p style=”text-align: center;”>