Flawed Security Impacts 100 Million Samsung Phones

Researchers at Tel Aviv University discovered a severe design flaw in Samsung devices last summer, which they patched last fall. Now they are talking about it.

Even though a large number of phone owners never patch their phones. They tried the best they could, but the Android patching process is convoluted.

The bug exposed encryption keys that would allow a hacker to trivially decrypt the data on the device.

The bug affects Samsung S1, S8, S9, S10 and S20 and others. The new S22 is not affected.

The bug exposed APIs for the Trusted Execution Environment on Samsung devices. With that, a hacker could get root access to the phone and from there do anything they want, including decrypting and stealing all of the user’s data. While Samsung has released a fix, that does not mean that phone makers have pushed it to their users or that the users have installed the fix.