Samsung has reportedly shipped at least 100 million Android smartphones with a security vulnerability that could allow attackers to extract sensitive and encrypted data from the devices.
A study conducted by researchers at Tel Aviv University found that the vulnerability is a specific issue with the way certain Samsung Galaxy devices store cryptographic keys in the ARM TrustZone system. It affects the Galaxy S8, Galaxy S9, Galaxy S10, Galaxy S20, and Galaxy S21 models. TrustZone is a technology for protecting sensitive data that is separated from the primary operating system by hardware isolation. On Samsung devices, the TrustZone Operating System (TZOS) runs alongside Android and performs sensitive security tasks and cryptographic functions that are kept separate from normal applications.
Faulty encryption: Samsung has provided a patch
The security flaw has far-reaching consequences for users. An attacker could use the vulnerability to read sensitive information that is normally encrypted, such as passwords stored on a device. The researchers at Tel Aviv University also used the vulnerability to bypass hardware-based two-factor authentication. The researchers reported the vulnerability to Samsung in May 2021. The South Korean smartphone manufacturer patched the vulnerability in August 2021, so Galaxy devices with the latest operating system should no longer be affected. Due to the severity of the encryption flaw, Android users who own one of the affected devices and have not yet updated their phone should do so as soon as possible.