Samsung Galaxy bug on millions of phones, Galaxy S8 to Galaxy S21? What experts said

Security experts have issued a warning about a Samsung Galaxy bug on millions of phones, reveals a report.

Updated on: Aug 22 2022, 10:24 IST
Samsung Galaxy bug may lead to loss of data and money. (Getty Images/iStockphoto)

From the Samsung Galaxy S8 to the Samsung Galaxy S21, nearly 100 million devices are at risk from a “severe” security vulnerability that can lead to loss of money via use of Google Pay and Samsung Pay. The issue was found by researchers from Tel Aviv University, Israel. Security experts have demonstrated two real-world attacks that could be carried out by taking advantage of these issues, reported Express. Matthew Green, associate professor of computer science at the Johns Hopkins Information Security Institute, shared the information in a tweet. He wrote, "Ugh god. Serious flaws in the way Samsung phones encrypt key material in TrustZone and it's embarrassingly bad. They used a single key and allowed IV re-use."

Paul Ducklin, principal research scientist at Sophos, told ThreatPost that Samsung coders had committed a "cardinal cryptographic sin". In their tests, the researchers found that sensitive information could be stolen from Samsung devices that are supposedly protected at the hardware level.

The security glitch not only allows cybercriminals to steal cryptographic keys stored on the device, it also allows attackers to bypass security standards such as FIDO2 authentication to gain access to passwords.

Mike Parkin, from Vulcan Cyber, called the cryptography complex and stated that the number of people who can do proper analysis is limited. "A properly designed and implemented encryption scheme relies on the keys and remains secure even if an attacker knows the math and how it was coded, as long as they don't have the key," says Parkin.
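Why "a single key" with "IV re-use" is so damaging can be shown in a few lines. The following is an added example, not code from the researchers, Samsung or this article: it assumes a toy counter-mode cipher built from HMAC-SHA256 (the article does not name the cipher involved), and the function names, 12-byte IV and sample secrets are constructed for illustration.

```python
import hashlib
import hmac
import os

IV_LEN = 12  # assumed IV length for this toy blob format

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Toy counter-mode keystream: HMAC-SHA256(key, iv || counter), a stand-in cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap_weak(key: bytes, iv: bytes, secret: bytes) -> bytes:
    # Weak form: the caller picks the IV, so it can be repeated under the one key.
    return iv + xor(secret, _keystream(key, iv, len(secret)))

def wrap_hardened(key: bytes, secret: bytes) -> bytes:
    # Hardened form: the wrapper draws a fresh random IV for every blob.
    return wrap_weak(key, os.urandom(IV_LEN), secret)

def find_iv_reuse(blobs: list[bytes]) -> list[tuple[int, int]]:
    # Audit check: index pairs of blobs that share an IV under the same key.
    first_seen, pairs = {}, []
    for i, blob in enumerate(blobs):
        iv = blob[:IV_LEN]
        if iv in first_seen:
            pairs.append((first_seen[iv], i))
        first_seen.setdefault(iv, i)
    return pairs

def leaked_xor(blob_a: bytes, blob_b: bytes) -> bytes:
    # Same key + same IV means the same keystream, which cancels out:
    # ciphertext_a XOR ciphertext_b == secret_a XOR secret_b, no key needed.
    return xor(blob_a[IV_LEN:], blob_b[IV_LEN:])

if __name__ == "__main__":
    key, iv = bytes(32), bytes(IV_LEN)  # constructed sample key and IV
    a = wrap_weak(key, iv, b"known-secret-AAA")
    b = wrap_weak(key, iv, b"other-secret-BBB")
    print(find_iv_reuse([a, b, wrap_hardened(key, b"x" * 16)]))
    print(xor(leaked_xor(a, b), b"known-secret-AAA"))
```

With a fresh IV per blob, `find_iv_reuse` reports nothing and the keystreams no longer cancel, which is the property Parkin's quote depends on: security rests on the key alone.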


Meanwhile, Samsung responded to the academics' disclosure and said, "Samsung takes the security of Galaxy devices seriously. We are constantly looking for ways to enhance the security of our products and welcome any input from research communities." The company said that the reported issue has already been acknowledged and addressed through security updates since August 2021. It recommends that users keep their devices updated with the latest software so that they stay protected from any kind of vulnerability.


First Published Date: 28 Feb, 10:42 IST