Samsung to plug security hole on Galaxy smartphones

galaxy s6 active h5 1

 

Samsung will update the security software on its Galaxy smartphones to address a flaw that researchers warned could let attackers access people’s devices.

Earlier in the week, researchers at NowSecure, a mobile security company, identified the flaw in SwiftKey, a keyboard application that comes preloaded on Galaxy smartphones. The flaw could be exploited even when SwiftKey was not used as the default keyboard, NowSecure said.

ADVERTISING

On Thursday, Samsung said it would issue a fix that would roll out over the coming daysto owners of the Galaxy S4, released in 2013, and later models. Those devices have Samsung’s Knox security platform installed by default and can receive over-the-air security policy updates. Users must have automatic updates activated in their phone’s settings, Samsung said on its website.

For earlier Galaxy phones that don’t come with Knox, Samsung said it was working on an expedited firmware update. Availability will vary depending on the model, region and service carrier.

SwiftKey’s app, which predicts words as users type, is also available from the Google Play and Apple App stores. But those versions of the app were not affected by the vulnerability, a SwiftKey spokeswoman said on Thursday.

Samsung wants court to review damages in patent fight with Apple

samsung galaxy s6

Samsung Electronics has asked that a full bench of an appeals court should review a damages award in a long-standing patent infringement dispute with arch-rival Apple.

Apple sued Samsung in 2011 alleging that Samsung phones infringed on several iPhone patents. The U.S. District Court for the Northern District of California awarded Apple damages of $930 million after a jury found that Samsung infringed Apple’s design and utility patents and diluted its trade dresses, which relate to the overall look and packaging of a product.

A three-judge panel of the U.S. Court of Appeals for the Federal Circuit agreed last month with the jury’s verdict on the design patent infringements, the validity of two utility patent claims, and the damages awarded for the design and utility patent infringements appealed by Samsung. But the appeals court reversed the jury’s findings that the asserted trade dresses are protectable, and vacated the damages relating to trade dress dilution.

The appeals court decision shaved off $382 million in damages but $548 million still remained. Samsung is now challenging $399 million of the balance, which is an award of its entire profits from products found to infringe Apple’s design patents, according to a Samsung filing Wednesday in the appeals court.

Samsung is asking the court to review the decision “en banc,” a court session where a case is heard by all judges of the court. The previous decision by the three-judge panel, among other things, had upheld an award of all of Samsung’s profits from the infringing products even though the patented designs are only minor features of those products, according to the filing.

“Unlike rugs, spoons, and simple mechanical objects, smartphones incorporate hundreds or thousands of different patented technologies, and it is undisputed here that Apple’s design patents claim only partial, minor features of such devices and that some attributes of those designs are functional,” Samsung’s lawyers wrote in the filing.

The District Court had instructed the jury that Apple is entitled to all profit earned by Samsung on sales of devices that infringe Apple’s design patents, which it defined as the “entire profit on the sale of the article to which the patented design is applied, and not just the portion of profit attributable to the design or ornamental aspects covered by the patent,” according to the filing

SwiftKey hack puts over 600 million Samsung phones at risk

Story image for samsung from NDTV

NowSecure has reported about a critical vulnerability in the keyboard software that comes pre-loaded on Samsung Galaxy series phones. If exploited, a hacker can gain access to the phone, remotely monitor it, install malware, or even steal personal data. As per the report, over 600 million Samsung smartphones that have SwiftKey keyboard pre-loaded have been exposed.

Ryan Welton, mobile security specialist at NowSecure, found that the pre-installed SwiftKey app can be tricked to download language pack updates over unencrypted connection in plain text. Thus in the pretence of language packs, malicious code can be injected to take control of the smartphone.

Once that code provides access to the attacker, the phone’s data, messages, and everything is exposed without leaving even a hint to the user.

Samsung was informed in November 2014 by NowSecure and the Korean company reportedly handed over a patch to the mobile operators across the world. However, there are millions of Samsung devices with SwiftKey, still vulnerable via this loophole.

For now, only the pre-installed SwiftKey app is vulnerable, not the ones from Google Play Store or Apple iOS Store. There is no way one can uninstall SwiftKey from the Samsung’s Galaxy range of devices since the app has been whitelisted and deemed to be native. Till there is a patch released for the Samsung phones, it is advisable to use Google Keyboard or any other third party keyboard in the mean time.