
Samsung has shipped over 100 million smartphones with a critical security flaw!

Computer security researchers from Tel Aviv University have discovered that Samsung shipped more than 100 million smartphones with a critical security flaw. For almost four years, the management of encryption keys on the Galaxy harbored a significant vulnerability that allowed an attacker to recover them all remotely.


While Samsung is still busy dealing with display issues with the Galaxy S22’s touchscreen, computer security researchers at Tel Aviv University have just made a staggering discovery: all smartphones in the Galaxy range released since 2018, i.e. since the launch of the S8, harbored a major security flaw.

Specifically, this vulnerability was hiding in the implementation of TrustZone, a secure execution space that serves, among other things, as a cryptographic safe. It handles the creation, management and manipulation of encryption keys that some Android apps can use.

However, an error was evidently made in the initialization parameters of the AES-GCM algorithm used in the TrustZone implementation. Because of this error, an attacker who managed to take control of your smartphone was also able to retrieve all encryption keys generated by your device. The flaw can be easily exploited on the S10, S20 and S21, but also on the S8 and S9 after carrying out a few tests.

A 4-year-old critical flaw on the Samsung Galaxy

What are the risks caused by these flaws? The greatest danger is that hackers can bypass Google’s “Secure Key Import” feature. The Mountain View company uses this system to securely share its secure keys with users’ smartphones, notably the keys found in Google Pay. We let you imagine the damage that a hacker could cause to your bank account if they are in possession of these encrypted keys.

Fortunately, Samsung was made aware of this flaw, and in August 2021 the manufacturer fixed the error, which was introduced with the S8. Still, it is worrying that such major flaws can escape the vigilance of a manufacturer like Samsung for years.

Source: Eprint Archive Report
