Samsung tends to be vigilant about updating security on its devices, but no phone manufacturer is perfect, and sometimes the problems stay very well-hidden. One issue that shipped with some major models didn’t become public until recently, and anyone who owns certain Galaxy phones could have fallen prey to the exploit and never realized it.
As spotted by SamMobile, Tel Aviv University researchers uncovered problems with the way Galaxy S8, Galaxy S9, Galaxy S10, Galaxy S20, and Galaxy S21 phones stored cryptographic keys through ARM’s TrustZone system. The resulting vulnerability could have made it possible for hackers with the know-how to access encryption information that your phone is supposed to keep protected with dedicated hardware.
Samsung’s security for its phones sounds solid enough, at least on paper. They feature a layered environment surrounding something called a TrustZone Operating System (or TZOS), which runs alongside Android and performs cryptographic functions. Ideally, this should be plenty of protection, but the way cryptographic functions were implemented inside the TZOS amounted to a weak, poorly documented link in the security chain, presenting cyberattackers with a workable route to your device’s most sensitive information.
Researchers warn that while the focus in this report is on the 100 million or so Samsung devices mentioned, what they found highlights an overall need for proven and effective standards when it comes to distributing code for smartphone security. The good news? Samsung was alerted to these issues and released a series of fixes between August and October 2021. If you’re way behind on updating your phone, this might be a good reminder to take care of that problem ASAP.