Samsung has delivered millions of smartphones with a dangerous vulnerability


Researchers from Tel Aviv University have discovered problems with how Galaxy S8, Galaxy S9, Galaxy S10, Galaxy S20 and Galaxy S21 phones store cryptographic keys using the ARM TrustZone system.

The vulnerability (CVE-2021-25444) in these devices allows cybercriminals to gain access to encryption information that the phone is supposed to protect with special hardware.

Samsung smartphones have a layered environment surrounding the TrustZone operating system (TZOS), which runs alongside Android and performs cryptographic functions.

Ideally, this protection should be sufficient, but the way cryptographic functions were implemented inside TZOS was a weak, poorly designed link in the security chain.

Samsung was alerted to this problem and released a number of fixes between August and October 2021.

