Samsung ships over 100 million smartphones with critical security vulnerability

Researchers from Tel Aviv University in Israel said that some Galaxy S8, Galaxy S9, Galaxy S10, Galaxy S20 and Galaxy S21 smartphones did not store cryptographic keys correctly, allowing attackers to easily extract information stored in the smartphone’s memory, including sensitive data such as passwords.

ARM-based Android smartphones rely on TrustZone’s hardware support for a Trusted Execution Environment (TEE) to implement security-sensitive features. The TEE runs a separate, isolated TrustZone Operating System (TZOS) in parallel with Android.

The researchers described in detail how they managed to bypass the protection on Samsung devices. The full text of the report can be found at this link. The source adds that Samsung, which became aware of the vulnerability shortly after its discovery, has already fixed the problems. The first patch was released in August 2021, and in October the vulnerability was fixed with the second security patch.

However, users are advised to regularly check for fresh updates and install them.

Source: ixbt
