Samsung will release keyboard leak fix in a few days

Samsung will release an update via its security software Knox within a few days, which should fix the security hole in its keyboard. That reported Swiftkey, the maker of the technology behind the onscreen keyboard.

Samsung will start a ‘policy update’ for Knox in a few days, which should make exploitation of the vulnerability impossible, Swiftkey reported in a blog post that is now offline, but which Google still has in its cache. Why the blog post is offline is unknown.

The leak surfaced earlier this week, when a Canadian security firm released information about it. According to the security company, up to 600 million users of Samsung devices may be vulnerable. The exploit isn’t easy, though, as users need to be connected to a cracked Wi-Fi network, while the keyboard also needs to be pushed a language update at the same time.

With the update for Knox, Samsung passes carriers, who should approve an update of the entire firmware. Samsung itself would have the fix ready since the beginning of this year. That makes it unlikely that users in the Benelux have been vulnerable for a long time, because Samsung sells few ‘provider devices’ here. It’s different in North America, where almost every Samsung sold has carrier firmware. Since the fix is ​​ready, Samsung has already given many devices an update, for example to Android 5.0. It is obvious that the fix has been part of such updates.

Swiftkey claims that the keyboards in the Play Store and App Store are not affected by the leak. That makes it likely that the security hole has arisen because the Samsung keyboard on its own devices has more permissions than third-party keyboards, while Swiftkey’s technology does not take this into account.