Samsung Galaxy bug on millions of phones: Galaxy S8 to Galaxy S21? What experts said
Security experts have issued a warning about a Samsung Galaxy bug on millions of phones, reveals a report.
From the Samsung Galaxy S8 to the Samsung Galaxy S21, nearly 100 million devices are at risk from a “severe” security vulnerability that can lead to loss of money through Google Pay and Samsung Pay. The issue was found by researchers from Tel Aviv University, Israel. The security experts demonstrated two real-world attacks that could be carried out by taking advantage of these issues, reported Express. Matthew Green, an associate professor of computer science at the Johns Hopkins Information Security Institute, shared the information in a tweet. He wrote, "Ugh god. Serious flaws in the way Samsung phones encrypt key material in TrustZone and it's embarrassingly bad. They used a single key and allowed IV re-use."
Paul Ducklin, principal research scientist at Sophos, told Threatpost that Samsung coders had committed a "cardinal cryptographic sin". In their tests, the researchers found that sensitive information could be stolen from Samsung devices, which are supposedly protected at the hardware level.
The security glitch not only allows cybercriminals to steal cryptographic keys stored on the device but also allows attackers to bypass security standards such as FIDO2 authentication to gain access to passwords.
Mike Parkin, from Vulcan Cyber, called the cryptography complex and stated that the number of people who can do proper analysis is limited. "A properly designed and implemented encryption scheme relies on the keys and remains secure even if an attacker knows the math and how it was coded, as long as they don't have the key," says Parkin.
Read the tweet by Matthew Green below:
"Ugh god. Serious flaws in the way Samsung phones encrypt key material in TrustZone and it's embarrassingly bad. They used a single key and allowed IV re-use. https://t.co/XteB3kc8cH pic.twitter.com/4wxA6XBuN2" (Matthew Green, @matthew_d_green, February 22, 2022)
Meanwhile, Samsung responded to the academics' disclosure and said, "Samsung takes the security of Galaxy devices seriously. We are constantly looking for ways to enhance the security of our products and welcome any input from research communities." The company said that the reported issue has already been acknowledged and addressed through security updates since August 2021. It recommends that users keep their devices updated with the latest software so that they stay protected from any kind of vulnerability.