Samsung has promised that a fix for the widely reported SwiftKey flaw that leaves Galaxy smartphone owners vulnerable to attack will be released "in a few days".
The Korean firm announced the fix in a statement sent to V3, but added that Knox customers should already be protected from attacks targeting the flaw.
"Samsung Knox has the capability to update the security policy of the phones, over the air, to invalidate any remaining potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days," read the statement.
"It is important to note that the phone's core functions (kernel) were not affected by the reported issue due to the protection of the Samsung Knox platform in all S4 models and above."
Samsung has pledged to work more closely with SwiftKey to ensure that future flaws do not appear. "In addition to the Security Policy update, we are also working with SwiftKey to address potential risks going forward."
SwiftKey had not responded to V3's request for comment on the flaw at the time of publishing.
NowSecure researcher Ryan Welton originally reported the bug in a threat advisory on Wednesday, warning that it is remotely exploitable and affects Samsung's Galaxy S6, Galaxy S5, Galaxy S4 and Galaxy S4 Mini.
"The Swift keyboard comes pre-installed on Samsung devices and cannot be disabled or uninstalled. Even when it is not used as the default keyboard, it can still be exploited," explained the advisory.
"A remote attacker capable of controlling a user's network traffic can manipulate the keyboard update mechanism on Samsung phones and execute code as a privileged (system) user on the target's phone."
The flaw relates to the way the keyboard's update mechanism adds new languages, and can be exploited in a variety of ways.
"The attack vector for this vulnerability requires an attacker capable of modifying upstream traffic. The vulnerability is triggered automatically (no human interaction) on reboot as well as randomly when the application decides to update," said the advisory.
"This can include geographically proximate attacks such as rogue WiFi access points or cellular base stations, or attacks from local users on a network, including ARP poisoning. Fully remote attacks are also feasible via DNS hijacking, packet injection, a rogue router or ISP etc."
NowSecure said that, if successful, the attack could drop a variety of malicious payloads, potentially granting hackers access to the phone's sensors, GPS, camera and microphone.
Welton warned that it could also let crooks secretly install malicious apps, tamper with the app and handset settings, spy on outgoing and incoming communications and access sensitive personal data.
The Computer Emergency Response Team Knowledge Base (KB-CERT) said Galaxy users should take pre-emptive protective measures while waiting for carriers to release the fix.
"Samsung has provided a firmware update to cell phone carriers for distribution to affected users," read the KB-CERT advisory.
"Avoid using untrusted networks, including public WiFi. Using your device on an untrusted network increases the chance of falling victim to a MITM attack."
The keyboard flaw is one of many bugs affecting Android devices to be uncovered in recent weeks. Researchers at Malwarebytes uncovered an upgraded Android trojan dropper on Monday capable of dodging traditional defences.