There really isn’t much about hacking, malware, and security in the tech world that’s surprising anymore. Except for this. A security risk has been found in Samsung Galaxy smartphones – five generations of the handsets. It’s a design flaw that wasn’t caught until now. Even more surprising? It appears hackers never found this security risk.
Researchers Find Samsung Galaxy Design Flaw
Tel Aviv University researchers in Israel – Alon Shakevsky, Eyal Ronen, and Avishai Wool – wrote a paper titled “Trust Dies in Darkness: Shedding Light on Samsung’s TrustZone Keymaster Design,” detailing their findings about the security risk in Samsung Galaxy phones.
The researchers explain in the paper how they were able to remotely extract cryptographic keys. They were also able to get past the FIDO2 authentication to reach highly sensitive data on all the recent Samsung Galaxy models.
The phones include a Trusted Execution Environment (TEE), which includes the TrustZone Operating System (TZOS). While it may sound like a system that would keep your passwords and sensitive data safe, the paper’s authors were able to break through.
Once they broke through the structure, they created an exploit that allowed them to get to data that was protected by the hardware of the Samsung Galaxy phones. As if that weren’t enough, the researchers created a second exploit that allowed them to affect more recent Samsung phones running Android 9 and later, which you would expect to be protected from such risks.
The Samsung Galaxy phones had cryptographic keys that protected data with AES-GCM encryption. This meant apps could only reach that data if they went through the Samsung Keystore.
The Tel Aviv researchers explained that “the implementation of the cryptographic functions within the TZOS is left to the device vendors who create proprietary undocumented designs.” Yet Samsung had a very flawed design that allowed the researchers to break through with two exploits.
What this Means for Galaxy Owners
Through a process that seems like extreme luck, if you’re a Samsung Galaxy…