Samsung in a blog post today has further explained what to expect regarding upcoming software fixes to the way its stock keyboard updates itself. As was disclosed earlier this week, it's theoretically possible for an attacker to piggyback on the language packages as they're updating, if you (and the attacker) are on the same unsecured network. It's unlikely, and Samsung today says "there have been no reported customer cases" of phones being compromised by this exploit since the June 16 announcement, but it's still possible.
New security policy updates will push out "in a few days," Samsung says in the post, "to invalidate potential vulnerabilities caused by this issue."
How to get the keyboard exploit fix
To make sure you get the fix that's being issued through Samsung's KNOX software, do the following:
- Go into your main settings menu.
- Enter the "Security" section.
- Scroll down to "Other security settings."
- Choose "Security policy updates."
- Make sure "Automatic updates" is checked.
The phones in question, according to the security firm that announced the exploit, are the Galaxy S4 and GS4 Mini, Galaxy S5, and Galaxy S6, on AT&T, Sprint, T-Mobile and Verizon. Samsung says it's "working on an expedited firmware update" for any devices that didn't have KNOX enabled by default.