Samsung reportedly shipped an estimated 100 million smartphones with botched encryption, including models ranging from the 2017 Galaxy S8 up to last year’s Galaxy S21, claim security researchers.
According to The Register, researchers at Tel Aviv University in Israel found that millions of Samsung Galaxy S8, Galaxy S9, Galaxy S10, Galaxy S20, and Galaxy S21 devices went to market with a security loophole that could have allowed hackers to steal sensitive information.
The report claims that the phones did not store their cryptographic keys properly. The vulnerability was found in the TrustZone OS that runs alongside Android to handle security-sensitive functions on Samsung phones, and the fault lay in how the cryptographic functions were implemented within that OS.
TrustZone splits a phone into two portions, known as the Normal World — for running regular tasks, such as the Android OS — and the Secure World, which handles the security subsystem and where all sensitive resources reside. The Secure World is only accessible to trusted applications used for security-sensitive functions, the report explains.
If the flaw were successfully exploited, attackers could gain a foothold in the Normal World side of the device, install malware, and even grant root privileges to arbitrary apps. Rather than needing to run code within the Android kernel, the attacker could simply execute code in Android user mode.
The good news is that the researchers approached Samsung last May and July with details of the vulnerabilities. Samsung then published them to the Common Vulnerabilities and Exposures register, which resulted in a patch for affected devices and the removal of a legacy blob from S10, S20 and S21 devices.
Samsung did not respond to The Register to confirm the estimate of affected devices or how many remain unpatched.