Samsung SwiftKey vulnerability: How to protect yourself according to Tripwire

Yesterday it emerged that a SwiftKey vulnerability has left as many as 600 million Samsung users at risk from hackers.

Samsung and SwiftKey have both issued statements assuring users that all attempts are being made to provide a solution, but until then there's not a huge amount that Samsung owners can do.

Security experts at Tripwire have offered their advice to users about the real-world risks and how to protect themselves until a patch is released.

Lane Thames, Software Development Engineer at Tripwire:

“The Samsung/SwiftKey keyboard vulnerability is an irritating one. It is irritating because most users will not be able to uninstall the vulnerable software and because most carriers are currently not shipping a patch, at least according to information available today.

"There are many good keyboards available for the Samsung device, so a simple solution could be to just remove the vulnerable keyboard. Unfortunately, neither Samsung nor most wireless carriers want you to do that, usually for the same reasons they sell locked phones.

"On the plus side for the end user, this vulnerability requires a bit of effort to successfully exploit, according to the technical details that have been released. It requires a MITM attack infrastructure where a vulnerable keyboard application initiates a language pack download or update. From the details, this update/download initiation occurs after boot and periodically during normal use.

"To minimize risk until a patch is available, users should refrain from rebooting their device if connected to WiFi and, particularly, should refrain from connecting to unknown or insecure WiFi. This issue could be exploited over the cellular network, but it is a harder approach except for the most experienced attackers.”


Craig Young, Security Researcher at Tripwire:

“For the average user, the best interim options are to avoid the use of untrusted Wi-Fi connections. Reviewing the saved network profiles in the Android Wi-Fi settings allows a user to easily delete saved connection profiles for unprotected networks.

"This is hugely important because once a vulnerable Samsung phone has connected to that cafe wifi or even the open Wi-Fi provided by your ISP, any novice attacker with off-the-shelf tools can trick your phone into connecting through their hostile network setup to exploit this flaw.

"In my eyes however the crux of the biscuit here is the state-sponsored attack. Nations with an eye toward spying on and oppressing dissidents can have a field day with this vulnerability silently installing malware onto all the affected Samsung devices connecting through the cellular internet connection.

"Defence against this type of attacker and detection of the resulting attack is far more difficult for the average user and power users alike. Until Samsung devices get patched, the most paranoid users will want to take advantage of censorship bypassing VPN services like that give users the control to prevent any plaintext communication directly from the Android.

"Of course all bets are off if the pop-out point from the VPN is on a network controlled or influenced by an adversary.”