Samsung shipped millions of smartphones with a serious security flaw

Samsung tends to be vigilant about updating security on its devices, but no phone manufacturer is perfect, and sometimes the problems stay very well-hidden. One issue that shipped with some major models didn’t become public until recently, and anyone who owns certain Galaxy phones could have fallen prey to the exploit and never realized it.

Tel Aviv University researchers uncovered problems with the way Galaxy S8, Galaxy S9, Galaxy S10, Galaxy S20, and Galaxy S21 phones stored cryptographic keys through ARM’s TrustZone system (spotted by SamMobile). The resulting vulnerability could have made it possible for hackers with the know-how to access encryption information that your phone is supposed to keep protected with dedicated hardware.

Samsung’s security for its phones sounds solid enough, at least on paper. They feature a layered environment surrounding something called a TrustZone Operating System (or TZOS), which runs alongside Android and performs cryptographic functions. Ideally, this should be plenty of protection, but the way cryptographic functions were implemented inside the TZOS amounted to a weak, poorly documented link in the security chain, presenting cyberattackers with a workable route to your device’s most sensitive information.

Researchers warn that while the focus in this report is on the 100 million or so Samsung devices mentioned, what they found highlighted an overall need for proven and effective standards when it comes to distributing code for smartphone security. The good news? Samsung was alerted to these issues and released a series of fixes between August and October 2021. If you’re way behind on updating your phone, this might be a good reminder to take care of that problem ASAP.
