SwiftKey Leaves Samsung Users Open to Attack


Nothing compares to the BlackBerry physical keyboard. Even when speaking to former BlackBerry users who are now steadfast Android or iOS fans (I know, there’s something terribly wrong with them), the one thing they always look back on fondly is the BlackBerry keyboard. With their transition to typing on full touch glass slabs, users discovered how difficult it could be to type intelligibly. And hilarious fail pages were created from it.

But over on Android, they went about trying to fix their problems. They created new keyboards that were supposed to fix their typing issues. And throughout the internets, Androidians claimed they could type better now than they ever could on BlackBerry. Unfortunately, those statements were usually littered with typos.

One keyboard seems to be the one named most often in those statements: SwiftKey, the virtual keyboard that so many Androidians claim is better than any keyboard BlackBerry could make. They are of course wrong. But it grew in popularity to the point that the biggest Android phone maker, Samsung, pre-installed it on their phones.

Of course BlackBerry users know that our keyboards are better. Both physical and virtual. And today, we gained further proof.

This time the proof isn’t in speed or accuracy, but in security. It appears that the SwiftKey keyboard installed on Samsung devices looks for language pack updates in unencrypted, plain text files. By now, we should all know that when speaking of security, plain text is generally a problem. And in this case, it’s quite a problem.

Ryan Welton from NowSecure was able to spoof a proxy server, and deliver fake malicious security updates to Samsung phones through this vulnerability.
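What an update client has to check before trusting a language pack, as an added example (this is not SwiftKey's or Samsung's code, and not from the original post). The manifest layout, the host `updates.example.invalid` and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
from urllib.parse import urlsplit

class UpdateRejected(Exception):
    """Raised when an update fails a transport or integrity check."""

def require_https(url):
    # Over plain http:// anything on the network path (such as a spoofed
    # proxy) can rewrite the response. The real fetch must also validate
    # the server certificate; this only refuses plaintext URLs up front.
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise UpdateRejected(f"refusing non-HTTPS URL: {url}")
    return url

def parse_manifest(manifest_url, manifest_bytes):
    """Return {language: entry}, only if manifest and pack URLs use HTTPS."""
    require_https(manifest_url)
    packs = {}
    for entry in json.loads(manifest_bytes)["packs"]:
        require_https(entry["url"])
        packs[entry["language"]] = {"url": entry["url"],
                                    "sha256": entry["sha256"].lower()}
    return packs

def verify_pack(entry, pack_bytes):
    """Accept pack bytes only if they hash to the digest in the manifest."""
    # The digest is trustworthy only because the manifest itself arrived
    # over an authenticated channel.
    actual = hashlib.sha256(pack_bytes).hexdigest()
    if not hmac.compare_digest(actual, entry["sha256"]):
        raise UpdateRejected("pack digest mismatch")
    return pack_bytes

# Constructed sample data (hypothetical host and manifest format).
GOOD_PACK = b"constructed language pack bytes"
MANIFEST_URL = "https://updates.example.invalid/languagePacks.json"
MANIFEST = json.dumps({"packs": [{
    "language": "en_US",
    "url": "https://updates.example.invalid/en_US.zip",
    "sha256": hashlib.sha256(GOOD_PACK).hexdigest(),
}]}).encode()

def accepts(manifest_url, manifest_bytes, pack_bytes):
    """True if the en_US pack passes every check, False if it is rejected."""
    try:
        entry = parse_manifest(manifest_url, manifest_bytes)["en_US"]
        verify_pack(entry, pack_bytes)
        return True
    except UpdateRejected:
        return False
```
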

So what can be done to a user’s device utilizing this exploit? It could be used to obtain system-level privileges, steal data, messages, and even monitor users. So, you know, just another day in the Android universe.

Who’s affected? Well, Samsung was notified of this vulnerability in November of 2014, and Samsung sped off to fix it. Showing just how important user security is in the Android space, Samsung delivered a fix. Only 4 months later. In March of this year.

So Samsung users are now safe? Why no, they’re not.

At the Black Hat Security Summit in London, Welton was able to take a Galaxy S6 and reproduce the attack. And do it multiple times. It is now estimated that 600 million devices are currently at risk with this vulnerability.

So let’s check the scorecard:

Best keyboard for accuracy? BlackBerry of course.

Best keyboard for speed? BlackBerry.

Best keyboard for security? Obviously BlackBerry.

Well would you look at that? Once again it’s BlackBerry for the win!

Source: Forbes


Founder & Owner of UTB Blogs. Former BlackBerry Elite. When I'm not talking or writing about BlackBerry, you'll find me using my BlackBerry.