Samsung recently announced that more than 600 million Samsung mobile devices contained a factory installed third party software produced by SwiftKey that predicts the words you will type  on your keyboards. The issue with the SwiftKey software is its contains a flaw that permits hackers to access the device when the Keychain software is applying a software update.  While the flaw provides just a narrow window to access the device, if the hacker is successful, they will have access to the device’s GPS, camera and microphone, to secretly install malicious apps, to eavesdrop on inbound and outbound messages or voice calls, or access pictures and text messages.  Because of the way SwiftKey is installed, the software comes with the device and cannot be deactivated or uninstalled.

This flaw was discovered by NowSecure in November. NowSecure told Samsung, and only now is the news becoming public. See https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/.   Samsung is working on a solution.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kathleen Porter Kathleen Porter

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and…

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and privacy practices to comply with the patchwork of laws and rules applicable to the collection, use, safeguarding, sharing, and transfer of protected or personal data. She regularly structures arrangements with promoters, marketers, website exchanges, and other third parties for the purchase, sale, sharing, and safeguarding of personal data. Kathy prepares and negotiates representations, warranties, and indemnities regarding personal or protected data and privacy and data practices. She also assists clients with privacy audits and works with third-party certification organizations to obtain certification of companies’ privacy practices. She guides clients through internal investigations to assess and address notice and other obligations regarding privacy breaches. Kathy often works closely with our litigation attorneys to manage external investigations such as those by federal or state regulators. Read her rc.com bio here.