According to security researchers at Tel Aviv University in Israel, about 100 million Samsung phones have shipped with a vulnerability that lets attackers intercept sensitive data, such as passwords stored on the device.
Shipped in the official firmware prepared by Samsung and undiscovered until now, the vulnerability, classified as a major security risk, could have been used in espionage campaigns and cyber attacks against owners of very popular Samsung phones, such as the Galaxy S8, Galaxy S9, Galaxy S10, Galaxy S20 and Galaxy S21, making it easy to intercept sensitive information such as passwords.
According to the Israeli researchers, Samsung phones store cryptographic keys incorrectly. The vulnerability, documented in detail, lies in the TrustZone Operating System (TZOS) component, which is responsible for the security functions of the Android platform. It allows those cryptographic keys to be stolen and then used to access accounts previously authenticated on the victim's phone, even without knowing the actual password.
Because exploitation of this flaw leaves no trace that the victim could detect, it is difficult to say whether it has been used in real attacks; there is currently no concrete evidence that it has.
The good news is that, by the time of this report, Samsung had already taken the necessary steps to remedy the situation by distributing security patches to all vulnerable devices.