Thursday, April 18, 2024

Samsung: 100 million cell phones shipped with flawed encryption


Samsung has delivered its smartphones with flawed encryption for years: there was hardly any protection.

Security researchers Alon Shakevsky, Eyal Ronen and Avishai Wool of Tel-Aviv University show that Samsung apparently shipped millions of its smartphones with flawed encryption, as reported by The Register.

Using reverse engineering, the experts were able to identify several vulnerabilities in the cryptographic design and code structure. For example, issues were discovered in Samsung’s implementation of ARM TrustZone. This security area, which is separate from conventional applications and programs, is designed for particularly sensitive tasks, among other things protecting the lock screen and encryption keys. There is even a separate operating system running in this isolated zone.

Protection of Samsung smartphones “embarrassingly bad”

Respected crypto expert Matthew Green addressed this bug, calling Samsung’s implementation “embarrassingly poor.” Data decryption is “trivial” and the promised extra protection is practically non-existent.

Full text of the tweet:

“Oh my gosh. The way Samsung phones encrypt keys in TrustZone is seriously flawed and embarrassingly bad. They used a single key and allowed IV (initialization vector) reuse.

So they could have derived a different key for each key they protect. But instead, Samsung doesn’t do that. They then allow the application layer code to choose the encryption IVs. This allows trivial decryption.”
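Why the combination described in the tweet is fatal, and what the per-key derivation it mentions changes, shown as an added example that is not part of the original article or Samsung's code. It assumes a stream-style cipher; the HMAC-based toy keystream, the function names and the sample secrets are all constructed for illustration.

```python
# Added illustration. A toy stream cipher (HMAC-SHA256 in counter mode) stands
# in for the real cipher, which the article does not name.
import hashlib
import hmac
import os

MASTER_KEY = os.urandom(32)  # constructed stand-in for the single device key


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_flawed(secret: bytes, iv: bytes) -> bytes:
    """Flawed design: one key for every blob, IV chosen by the caller."""
    return xor(secret, keystream(MASTER_KEY, iv, len(secret)))


def wrap_hardened(secret: bytes, blob_id: bytes):
    """Per-blob key derived from the master key; IV generated inside the wrapper."""
    iv = os.urandom(16)
    blob_key = hmac.new(MASTER_KEY, b"wrap:" + blob_id, hashlib.sha256).digest()
    return iv, xor(secret, keystream(blob_key, iv, len(secret)))


def demo():
    victim = b"victim-app-key-0123456789abcdef!"  # constructed sample secret
    known = b"caller-supplied-known-plaintext!"   # constructed, same length
    iv = b"\x00" * 16
    # Flawed: same key + same caller-chosen IV -> identical keystream, so the
    # XOR of the two ciphertexts equals the XOR of the two plaintexts.
    leak = xor(wrap_flawed(victim, iv), wrap_flawed(known, iv))
    flawed_leaks = xor(leak, known) == victim
    # Hardened: fresh IV and per-blob key -> keystreams differ, nothing cancels.
    _, c1 = wrap_hardened(victim, b"blob-1")
    _, c2 = wrap_hardened(known, b"blob-2")
    hardened_leaks = xor(xor(c1, c2), known) == victim
    return flawed_leaks, hardened_leaks
```

`demo()` returns whether the wrapped secret is recoverable without the key under each design: true for the single-key, caller-chosen-IV wrapper and false once the wrapper derives a key per blob and generates the IV itself.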

More than 100 million Samsung smartphones affected

According to the security researchers, the flawed implementation is present in several Samsung smartphones. Specifically, the Galaxy S8, S9, S10, S20 and S21 models would be affected, with the number of affected devices exceeding 100 million.

A security update helps: Samsung was made aware of this incorrect implementation last year and has since fixed the issues, at least on devices that are currently still being patched. If you have installed all current security updates, you should no longer be affected by this issue.

Ebenezer Robbins