I usually ignore most announced Samsung security flaws. They rarely are enough of a threat to get my attention or that of my networkers. Today that drastically changed when a mobile security researcher with NowSecure blew the whistle on a flaw noticed by Samsung itself way back in December 2014 AND NOTHING HAS BEEN DONE ABOUT IT.
I’ll just quote ABC7.com’s opening line on their online article to get you all up to speed. “A security flaw discovered in Samsung smartphones has left as many as 600 MILLION Galaxy phones at risk of being hacked.”
Don’t have your attention yet? Don’t care because you don’t HAVE a Samsung Galaxy phone? Maybe you don’t have that model and you are breathing a sigh of relief.
One tiny word of advice. DON’T!
I have a Samsung Galaxy Note IV – which, by the way is NOT affected by the security flaw, BUT I am plenty worried for my networkers, my clients, my customers…my HUSBAND who just got his brand new Samsung 5 corporate work phone a month ago.
Six hundred million is a helluva big number, and to put it in even tighter perspective for you – in my smallest networking venue (at which about 15-20 people show up each week) FOUR OF THEM HAVE AN AFFECTED PHONE!
That’s 20-27% of the room in that tiny little group. ONE QUARTER of the room I had to pull aside and give copies of the article and direct how to patch this train-wreck of a customer service disaster the carriers have on their hands.
309 million is THE POPULATION OF THE UNITED STATES, by the way. So it is the equivalent to TWO UNITED STATES worth of people that are scrabbling ’round the globe to deal with this mess.
Or, well, it WOULD be if the word got out as fast as the carriers lack of attention to the problem THEY KNEW ABOUT LAST YEAR!
So, enough torch-handling and pitchfork wielding. Right now you need to know what to do if you have a Samsung Galaxy 4, 5 or 6 phone and how to stay safe until your service provider gets off its collective butt and decides to let the world know if they issued the patch yet.
What to do if you or anyone you know is affected:
1. Turn OFF your wi-fi in your settings. The hackers get in through open wifi ports. The carriers say to avoid wifi areas, but that’s like trying to avoid the entire planet. EVERY major chain restaurant, Starbucks, government building, school, company that has a network-run computer system has open wifi broadcasting round the clock – even when they are not open!
2. Disable language updates. This is harder to locate and the best thing to do is take your phone to your carrier and have them do it and/or walk you through it so you know they did it correctly.
3. Call your carrier and find out the status of the update. Don’t be meek. THIS IS YOUR FINANCES AND PERSONAL SECURITY THEY ARE ENDANGERING BY STALLING IMPLEMENTATION OF THIS UPDATE! I cannot emphasize this enough! If they give excuses, claim they never heard of this security breach, promise to get back to you – DON’T BELIEVE THEM AND DO NOT let them blow you off. Ask for their supervisor, email them DAILY – do what it takes to get them to get you off their back and give you an estimated patch implementation date.
These are simple steps that can save your contact list, your bank account access information, your credit card numbers from being taken without your knowledge and consent.
Tomorrow I will detail why this was NOT Swype Key’s or even Samsung’s fault, but the CARRIERS…ALL OF THEM. And I apologize in advance, but you are not going to like the answer. They need to take responsibility for this mess, and believe me, if they know what’s good for them, they will fix this flaw like, YESTERDAY.