A team of researchers at Tel Aviv University uncovered a security issue that left Samsung Galaxy smartphones vulnerable to hacking attacks.
The experts who discovered the loophole, Prof. Avishai Wool, Dr. Eyal Ronen, and graduate student Alon Shakevsky, found a vulnerability in Samsung's TrustZone security architecture.
"In protecting smartphones using the Android system, there is a special component called TrustZone," Wool told the Jerusalem Post.
"This component is a combination of hardware and software, and its job is to protect our most sensitive information – the encryption and identification keys," he continued. "We found an error in the implementation of Samsung's TrustZone code, which allowed hackers to extract encryption keys and access secure information."
Our @USENIXSecurity & @RealWorldCrypto paper "Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design" is now online https://t.co/M9hhH3RPVB. We extract keys and bypass FIDO2 attestation. PoC - https://t.co/FV8BiyhGx1. With @shakevsky and Avishai Wool pic.twitter.com/1juc8i4jBa
— Eyal Ronen (@eyalr0) February 21, 2022
The flaw, which impacts Samsung Galaxy users who have not updated their phones' operating system since October 2021, was patched in a software update after the team of researchers reported the issue to Samsung.
"It should be understood that phone companies like Samsung go to enormous lengths to secure their phones, and yet we still hear about attacks, for example in the case of the NSO spyware. TrustZone is designed to be the last layer of protection," Ronen said, according to the Jerusalem Post.
"In our article, we showed that failures in Samsung's code also allowed access to… sensitive cryptographic keys," Ronen added.
The researchers are set to present their findings at the upcoming USENIX Security Symposium, a Boston-based cybersecurity conference, this August.
i24NEWS contributed to this report.