Samsung Galaxy bug on millions of phones: Galaxy S8 to Galaxy S21? What experts said

Security experts have issued a warning about a Samsung Galaxy bug on millions of phones, reveals a report.

From Samsung Galaxy S8 to Samsung Galaxy S21 phones, nearly 100 million devices are at risk from a “severe” security vulnerability that can lead to loss of money via use of Google Pay and Samsung Pay. The issue has been found by researchers from Tel Aviv University, Israel. Security experts have demonstrated two real-world attacks that could be carried out taking advantage of these issues, reported Express. Matthew Green, the associate professor of computer science at the Johns Hopkins Information Security Institute, has shared the info through a tweet. He wrote, “Ugh god. Serious flaws in the way Samsung phones encrypt key material in TrustZone and it’s embarrassingly bad. They used a single key and allowed IV re-use.”

Paul Ducklin, principal research scientist at Sophos, has told ThreatPost that Samsung coders had committed a “cardinal cryptographic sin”. In their tests, the researchers found that sensitive information could be stolen from Samsung devices even though it is supposedly protected at the hardware level.

The security glitch not only allows cybercriminals to steal cryptographic keys stored on the device, it also allows attackers to bypass security standards such as FIDO2 authentication to gain access to passwords.

Mike Parkin, from Vulcan Cyber, called the cryptography complex and stated that the number of people who can do proper analysis is limited. “A properly designed and implemented encryption scheme relies on the keys and remains secure even if an attacker knows the math and how it was coded, as long as they don’t have the key,” says Parkin.


Meanwhile, Samsung responded to the academics’ disclosure and said, “Samsung takes the security of Galaxy devices seriously. We are constantly looking for ways to enhance the security of our products and welcome any input from research communities.” The company said that the reported issue has already been acknowledged and addressed through security updates since August 2021. It recommends that users keep their devices updated with the latest software so that they stay protected from any kind of vulnerability.
