Samsung to issue security fix for 600 million Galaxy phones

Samsung will "in the coming days" fix a security flaw that could allow hackers to remotely attack and access data on Galaxy smartphones.

It comes just two days after security researchers revealed that the SwiftKey keyboard, which comes pre-installed on as many as 600 million Samsung Galaxy smartphones, was vulnerable to attack. The flaw, discovered by NowSecure, could allow hackers to access the device, eavesdrop on phone calls, and install malicious apps.

See also

600M Samsung Galaxy phones reportedly at security risk due to keyboard flaw

A security firm says keyboard language packs are updated over a plain-text, unencrypted connection which opens the door to remote sensor and data access.

Read now

In a statement Thursday, the company downplayed the vulnerability, saying that a successful attack requires a "very specific set of conditions" to exploit a device, but acknowledged that the "risk does exist."

The phone maker said that devices running the Knox security software, including the Galaxy S4 and later, will receive new security policies shortly that will "invalidate" the vulnerability.

But devices that don't come with the Knox software will not receive the patch immediately, the company confirmed.

"We are currently working on an expedited firmware update that will be available upon completion of all testing and approval," said Samsung, adding that the fix may rely on carriers approving firmware updates.

Samsung also said it would work closely with its partners, including SwiftKey, to "address potential risks going forward."