So yesterday we warned our readers of a security flaw in Samsung’s Galaxy phones series 4-6. That same evening it was clarified that the flaw was in the way the Swype technology software was installed into the Samsung phones and that the danger of being hacked existed when, “the device reboots, and when the keyboard software automatically updates at any random time”. Samsung has stepped up and issued this statement on the situation:
Information Regarding the Keyboard Security Issue and Our Device Policy Update.
What does this mean for Samsung users? Nothing has really changed. I recommend you keep your wifi off until they issue the patch. The phone will not alert you when the language update is being performed on your phone, hence, because of the large amount of public wifi signals around us 24/7, it could happen at any moment.
And when will the patch be issued? Hopefully soon.
Yesterday we also promised to explain why the carriers – T-Mobile, Verizon, AT&T, etc, are at fault for this pathetic mess. We drew your attention to the fact that the carriers knew about this “at the start of 2015” when they were warned and patches were issued by Samsung, who had been informed by NowSecure in December 2014. NowSecure also informed the United States Computer Emergency Readiness Team (CERT) and Google’s Android security team about the problem. So everyone knew in a timely manner, issued the patches and said, “Okay carriers, the ball’s in your court. Issue the patch and fix this”.
They dropped the ball, kicked it into the neighbor’s yard and claimed it never even existed.
Doesn’t it make you feel good that this is what you pay upwards of $100s of dollars a month for?