While nothing we use in the world of technology is completely safe, from time to time, companies can miss a lot of mistakes. Samsung joined these companies with a research published the other day. The study by researchers from Tel Aviv University revealed that Samsung phones were released with a big mistake for years.
The research, published with the title “Trust Dies in the Dark: Shedding Light on Samsung’s TrustZone Keymaster Design”, showed that Samsung’s entire Galaxy S8, S9, S10, S20 and S21 phone series has critical vulnerabilities. Researchers state that with this vulnerability, phones can open the door to various attacks despite hardware-protected measures.
Keys could be intercepted despite hardware-protected prevention
Vulnerability, Samsung’s cryptographic operations such as key generation, encryption, verification, and signature creation in a secure environment It was discovered in the layer named Keymaster TA, which enables realization. Keys that should only be readable in the Trusted Execution Environment (TEE) due to the vulnerability could be compromised by a reused ‘Initialization vector’ attack.
Researchers stated that this vulnerability is found in approximately 100 million Samsung smartphones. Although the vulnerability was only detailed today, it was actually discovered last year. But the researchers shared the vulnerability with Samsung before making it public. As a result, Samsung closed the gap with the update in May 2021.
38168
