Vulnerability in Samsung exposed cryptographic keys
An investigation carried out at Tel Aviv University identified a security flaw that exposed the cryptographic keys of more than 100 million devices
Around 100 million Samsung smartphones were affected by a vulnerability in the cryptographic security environment of the South Korean brand, which exposed hardware-protected user keys to cyberattacks, although the company has already fixed it.
The bug, discovered by researchers at Tel Aviv University in Israel, centers on Samsung’s implementations of the TrustZone operating system, which runs parallel to Android on its mobile devices.
As the authors report in the study, the cryptographic design and implementation of a hardware-supported system to protect Samsung mobile keys using trusted execution environments had “severe design flaws.”
These issues affected the latest flagship families released by Samsung, including the Galaxy S21, S20, S10, S9, and S8 series, which came to market between 2017 and 2021 and are direct predecessors of this year's Galaxy S22.
Through reverse engineering techniques and analysis of the code structure of Samsung’s TrustZone implementation, Tel Aviv University researchers tested the feasibility of three attack techniques that expose cryptographic information on smartphones.
After learning of the vulnerabilities the researchers had investigated, Samsung released a security patch for its smartphones in August of last year, followed by a further update in October to finish protecting its devices.
K. Tovar
Source: Computerhoy