Powered by Blogger.

Tuesday, June 23, 2015

SECURITY ALERT: Samsung Android devices

Currently, no patch exists for this vulnerability. Samsung has indicated that they will use their Knox security solution to remotely issue a fix, but when this will be released is unclear. In the official statement released by Samsung, they only mention that they will “begin rolling out a security policy update in the coming days.” Samsung has also advised users to ensure their devices automatically receive security policy updates. Steps to configure their devices to do so can also be found in the statement.
Until then, there are two possible countermeasures. The first countermeasure is to only connect to Wi-Fi networks that are secure, in order to prevent any man-in-the-middle attacks. This can be a problem if the user has to connect to public Internet connections. The use of a Virtual Private Network (VPN) helps secure a user’s connection in these cases.
Secondly, the user can stop the use of the default Samsung keyboard. To do this, they have to do two things: first, select an alternate keyboard instead of the default system keyboard. This can be done under the Language and input section of the device’s settings:

Figures 2-4. Steps to change Android keyboard

However, using a different keyboard is not enough. The system keyboard itself has to be turned off. Unfortunately, this has to be done every time the device is turned on. This can be done under the Applications part of the settings menu:

Figures 5-7. Steps to disable system keyboard

These steps will mitigate the risk to the user from this vulnerability.