How to make sure you get the fix for the Samsung keyboard exploit

Samsung in a blog post today (opens in new tab) has further explained what to expect in regards to upcoming software fixes to the way its stock keyboard updates itself. As was disclosed earlier this week, it's theoretically possible for an attacker to piggyback on the language packages as they're updating, if you (and the attacker) are on the same unsecure network. It's unlikely — and Samsung today says "there have been no reported customer cases" of phones being compromised by this exploit since the June 16 announcement — but it's still possible.

New security policy updates will push out "in a few days," Samsung says in the post, "to invalidate potential vulnerabilities caused by this issue."

How to get the keyboard exploit fix

To make sure you get the fix that's being issued through Samsung's KNOX software, do the following:

  1. Go into your main settings menu.
  2. Enter the "Security" section.
  3. Scroll down to "Other security settings."
  4. Choose "Security policy updates."
  5. Make sure "Automatic updates" is checked.

The phones in question, according to the security firm that announced the exploit, are the Galaxy S4 and GS4 Mini, Galaxy S5, and Galaxy S6, on AT&T, Sprint, T-Mobile and Verizon. Samsung says it's "working on an expedited firmware update" for any devices that didn't have KNOX enabled by default.

Phil Nickinson
  • So...if you don't use Knox, you're SOL, basically?
  • Just turn it on. What do you want? Posted via the Android Central App
  • Why would I turn it on? I don't have work-related things on my phone.
  • So enable it... upgrade to the fix... then disable it. Not that difficult.  
  • But so many people keep saying that KNOX is evil, will give you bad breath, make bald and 2" shorter.
  • 2 inches shorter or my dingy 2 inches smaller? I could live with being 5'8", but I'm not sure that the ladies would like me being 2 inches smaller. Please confirm quickly. :-) Posted via the zenfone 2
  • True story! It gave me a serious case of herpes, too!
  • Knox may not be evil, its more like the ebola virus of android applications, it makes your phone die a slow painful death.
  • Rooted and know is disabled.
  • "know" lol Posted via the Android Central App
  • I just want a fix for having my data toggle back... Posted via the Android Central App
  • ATT GS5 here...there is also an option to manually update security policies. My device said I was running the latest.
  • ..or just stop buying lame S series phones and buy Notes :)
  • I just clicked on it and it said "Failed to update the security policy. Try later." Posted via the Android Central App
  • So this doesn't apply to the Note 4 or any other Note? Posted Via The AT&T Note 4
  • That's exactly what I been trying to find out. From what I've heard it's all Samsung devices S3 and up. Posted via the Android Central App
  • Yeah I know but every article on AC doesn't mention any of the Note's as one of the devices. Posted Via The AT&T Note 4
  • Right. I have a Note 3. Posted via the Android Central App
  • Knox is needed? Looks like it's SwiftKey for me. Posted via the Android Central App
  • Doesn't make a difference, if you have the Samsung Keyboard installed you'll still be vulnerable even if you don't use it.
  • Deleted duplicate.
  • I wish I could, but the recent update on my Tab 4 7 inch deleted the security update option!!!!! Posted via the Android Central App
  • Got Note 4 Edge does this affect my phone?
  • i am sorry to say that i need how to fix the keyboard in my cellphone of android JI and there is :-
    Scroll down to "Other security settings."
    Choose "Security policy updates."
    Make sure "Automatic updates" is checked thank you very much if guys could help me to fix my cellphone