Security News

The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean giant consumer electronics company. In a note posted earlier today, the extortion gang teased about releasing Samsung data with a snapshot of C/C++ directives in Samsung software.

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. We present an IV reuse attack on AES-GCM that allows an attacker to extract hardware-protected key material, and a downgrade attack that makes even the latest Samsung devices vulnerable to the IV reuse attack.

Attention, Samsung Galaxy smartphone owners: There's a good chance your device is one of the 100 million that a Tel Aviv University research paper said suffer from a serious encryption flaw. The researchers didn't stumble upon this error, either: They purposely targeted Samsung devices as an attempt to prove that proprietary, and often undocumented, encryption applications endanger everyone using a smartphone.

A group of academics from Tel Aviv University have disclosed details of now-patched "Severe" design flaws in Android-based Samsung smartphones that could have resulted in the extraction of secret cryptographic keys. The shortcomings are the result of an analysis of the cryptographic design and implementation of Android's hardware-backed Keystore in Samsung's Galaxy S8, S9, S10, S20, and S21 flagship devices, researchers Alon Shakevsky, Eyal Ronen, and Avishai Wool said.

Samsung shipped an estimated 100 million smartphones with botched encryption, including models ranging from the 2017 Galaxy S8 on up to last year's Galaxy S21. Researchers at Tel Aviv University found what they called "Severe" cryptographic design flaws that could have let attackers siphon the devices' hardware-based cryptographic keys: keys that unlock the treasure trove of security-critical data that's found in smartphones. In a paper entitled "Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design" - written by by Alon Shakevsky, Eyal Ronen and Avishai Wool - the academics explain that nowadays, smartphones control data that includes sensitive messages, images and files; cryptographic key management; FIDO2 web authentication; digital rights management data; data for mobile payment services such as Samsung Pay; and enterprise identity management.

Academics at Tel Aviv University in Israel have found that recent Android-based Samsung phones shipped with design flaws that allow the extraction of secret cryptographic keys. These TEEs run their own operating system, TrustZone Operating System, and it's up to vendors to implement the cryptographic functions within TZOS. The Android Keystore, the researchers explain, offers hardware-backed cryptographic key management via the Keymaster Hardware Abstraction Layer.

Microsoft says Samsung devices enrolled in Microsoft Intune using a work profile will experience email and VPN connectivity issues due to missing certificates after upgrading to Android 12. Microsoft Intune is a cloud-based service designed to help admins manage Windows, macOS, iOS/iPadOS, and Android apps and devices in enterprise environments.

Samsung's official Android app store, called the Galaxy Store, has had an infiltration of riskware apps that triggered multiple Play Protect warnings on people's devices. Scammers bet on the popularity of the pirate app, and indeed their cloned apps enjoyed a welcoming reception by the Samsung user community.

The balance between hands-free payments and the security standards required to protect those transactions has tipped too far in the wrong direction, according to a security expert. At a session at Black Hat Europe 2021 this week, Timur Yunusov, a senior security expert at Positive Technologies, explained flaws in contactless payment apps that could lead to fraud using lost or stolen mobile phones.

Microsoft says some Samsung Galaxy devices will be marked as non-compliant with the organization's security requirements in Microsoft Intune's management interface after automatic restarts or after installing managed updates. Microsoft Intune is a cloud service that allows admins to manage Windows, macOS, iOS/iPadOS, and Android applications and devices in their enterprise environment.