Samsung Galaxy Hacking Vulnerability Worrying for BYOD Schemes

Samsung has yet to issue a fix for a security vulnerability in Samsung Galaxy devices, 7 months after the company was first alerted to the flaw, which affects Galaxy S3 to S6 models. The vulnerability could potentially allow the phones to be hijacked by hackers, exposing information entered on or sent from the phones.

The security vulnerability concerns the software used for the phone's keyboard, according to researchers at NowSecure. What is especially worrying is that the owner or user of the phone does not need to take any action to allow hackers to gain access to the phone; the vulnerability can be exploited remotely.

How are Hackers Gaining Access to Samsung Phones?

Fortunately, the hack is not straightforward to pull off. It requires considerable technical skill and can only be executed at a specific time: when the keyboard software is being updated. The researchers point out that a hacker with access to the Wi-Fi network, or with the ability to otherwise manipulate a user's network traffic, could gain access to the phone by manipulating the keyboard update mechanism. Once the code has been changed, it becomes live after a reboot.

The vulnerability is in the SwiftKey keyboard, which is factory-loaded and cannot be removed or deactivated. The Samsung version of the software (SamsungIME) differs from the Google Play version of the keyboard, which has greater protection because its software updates do not run as a privileged user.

Hackers could potentially use Wi-Fi networks, cellular base stations, ARP poisoning, DNS hijacking, packet injection and other techniques to manipulate the keyboard updates. SwiftKey, the British firm responsible for providing the software, pointed out that the vulnerability exists only at very specific points in time, so in order to gain access to the update traffic, the hacker would need to be monitoring the network at the moment an update occurs.
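The root cause described above is an update mechanism that trusts whatever arrives over the network. The standard mitigation is for the client to verify a signature over the downloaded update against a public key pinned in the app before anything is written to disk, so that an on-path modification of the traffic is rejected rather than installed. The following is an added illustration of that check and is not Samsung's, SwiftKey's or NowSecure's code; the Ed25519 key pair, the "language pack" bytes and the function names are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// newVendorKey produces a throwaway Ed25519 key pair. In a real keyboard app
// only the public half would ship, pinned inside the APK; the private half
// would live with the vendor's release signing infrastructure. (Constructed
// stand-in for this example.)
func newVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // entropy failure; nothing sensible to do in a demo
	}
	return pub, priv
}

// signUpdate is what the vendor's build pipeline would do to a language pack
// before publishing it: sign the exact bytes that clients will download.
func signUpdate(priv ed25519.PrivateKey, payload []byte) []byte {
	return ed25519.Sign(priv, payload)
}

// verifyUpdate is the client-side gate. It must run on the downloaded bytes
// before they are unpacked or written anywhere the keyboard process reads
// from, otherwise an attacker who altered the download in transit gets code
// execution at the next reboot, as the article describes.
func verifyUpdate(pinnedPub ed25519.PublicKey, payload, sig []byte) error {
	if len(pinnedPub) != ed25519.PublicKeySize {
		return errors.New("pinned vendor key has wrong length; refusing update")
	}
	if len(sig) != ed25519.SignatureSize {
		return errors.New("update signature has wrong length; refusing update")
	}
	if !ed25519.Verify(pinnedPub, payload, sig) {
		return errors.New("update signature does not match pinned vendor key; refusing update")
	}
	return nil
}

// installIfAuthentic returns true only when the update passed verification.
// It stands in for the step that would actually write the pack to storage.
func installIfAuthentic(pinnedPub ed25519.PublicKey, payload, sig []byte) (bool, error) {
	if err := verifyUpdate(pinnedPub, payload, sig); err != nil {
		return false, err
	}
	return true, nil
}

func main() {
	pub, priv := newVendorKey()

	// Constructed sample "language pack" as the vendor published it.
	genuine := []byte("constructed language pack v1: en_GB dictionary bytes")
	sig := signUpdate(priv, genuine)

	ok, err := installIfAuthentic(pub, genuine, sig)
	fmt.Printf("genuine update installed=%v err=%v\n", ok, err)

	// Simulate an on-path modification of the download: one byte changed.
	tampered := append([]byte(nil), genuine...)
	tampered[0] ^= 0xff
	ok, err = installIfAuthentic(pub, tampered, sig)
	fmt.Printf("tampered update installed=%v err=%v\n", ok, err)
}
```

The signature check has to cover the bytes that will actually be executed or parsed, and the key must be pinned in the app rather than fetched from the same channel as the update; otherwise whoever controls the network can supply both. Transport security (TLS with a pinned certificate) is a complementary layer, but only the signature protects an update that is cached or relayed.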

SwiftKey was only made aware of the problem on Tuesday last week, although Samsung was alerted in November. NowSecure has reported that it took more than a month for the vulnerability to be acknowledged and that Samsung allegedly requested a year to solve the issue.

Samsung claims that the security issue was not explained properly back in November, which delayed the response and the fix for the software flaw, according to a recent CNN report. Now that the extent of the problem is known, the vulnerability will be addressed. Samsung will be updating all devices via its KNOX service, with the updates expected to be issued in the next few days. Unfortunately for users, with 600 million devices affected, it will take some time for the updates to fully roll out. Galaxy phone users will also not be able to easily tell whether their phone has received the new patch and whether the security vulnerability has been addressed.

Galaxy Security Vulnerability a Major Concern for Healthcare BYOD Schemes

Healthcare providers wishing to take advantage of the convenience and practicality of smartphones can either purchase units for their staff or allow employees to bring their own devices and use them at work. The term BYOD has been referred to as "Bring Your Own Doom", due to the increased risk of privacy violations and the difficulty IT departments have in controlling the use of personal mobile phones.

Healthcare providers that have implemented BYOD schemes have been able to gain considerable benefits; productivity is improved, employees do not need a separate work device and outdated communication systems, such as pagers, can be avoided.

Since mobile phones are insecure, a secure text messaging service, such as a secure healthcare text app, must be used in order for PHI to be communicated using the devices. Data encryption ensures that even if the phone is used on an insecure Wi-Fi network, the messages cannot be read if they are intercepted.

However, even with a secure texting app, this Samsung Galaxy security vulnerability could allow data on the phone to be read. The hack is particularly difficult to pull off, but a security risk does exist until users have the patch installed on their devices.

In the meantime, NowSecure recommends all users of the phones – all 600 million of them – “avoid insecure Wi-Fi, ditch their phones, and call their cell phone carriers to pressure them into a quick fix.” Samsung may be about to issue an update, but the speed at which this is rolled out to users may be dictated by the cell phone carrier. Updates to the phones could therefore be delayed.

According to researchers at NowSecure, the main security risk comes from government-backed hackers who have the time, skill and resources to take advantage of the Samsung Galaxy security vulnerability.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.