Mobile hacking: 100 million Samsung smartphones vulnerable

The security of our smartphones has grown in importance over the years. At first they served only one purpose: making phone calls. Today the situation has changed and our devices are tied into our lives, whether for trivial uses such as social networks or official ones such as paying our taxes in an application or, at times, showing a vaccination pass. Smartphones therefore contain data that should not fall into the hands of malicious people. Despite the efforts of manufacturers, flaws remain in these systems, as seems to be the case with Samsung.

The truth of encryption

Encryption algorithms are almost inviolable today unless you have a quantum computer. In other words, there is little to lose sleep over. However, this security holds only if the encryption key remains secret. This is precisely where the shoe pinches for Samsung: a flaw allowing the key to be recovered has been discovered in certain models of the brand. The revelation comes from researchers at Tel Aviv University, who spotted a problem in the design. It affects devices ranging from the Galaxy S8 to the S21, which represents more than 100 million smartphones sold worldwide and possibly still in circulation. The fault lies in the use of a hardware mechanism called TrustZone.

TrustZone of turbulence

TrustZone is built into the ARM processor. It makes it possible to set up a trusted execution environment. To do this, it uses the TrustZone Operating System, its own operating system separate from Android. Its role is to manage encryption keys, and it is up to Samsung to install it. It is at this stage that the Korean manufacturer failed.

The hardware encryption key is transmitted in a blob, which is itself protected by encryption using a key and an initialization vector. The latter is usually generated randomly and ensures that two identical messages produce different ciphertexts, so that the key cannot be worked out. On Samsung smartphones, however, this vector is based on the identifier of the application that requests the encryption, along with certain data from the Android space. This allowed the researchers to force the system to use the same vector. The result? They gained access to the blob and extracted its contents, including the hardware key. With this attack they were then able to subvert the FIDO2 WebAuthn cryptographic authentication method, which removes the need for a password. For the most curious of our English-speaking readers, we invite you to discover the extent of what this allowed them to do by reading the complete study, which contains many technical and expert details.
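Why the vector has to be generated randomly on the trusted side, as an added example that is not code from the study or from Samsung. The page does not name the cipher, so a SHA-256 counter keystream stands in for it; `wrap_weak`, `wrap_hardened`, the application identifier and all keys are hypothetical and constructed for this illustration.

```python
import hashlib
import secrets

IV_LEN = 12

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in stream cipher: SHA-256(key || iv || counter) blocks."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap_weak(wrapping_key: bytes, app_id: bytes, secret: bytes) -> bytes:
    """Weak: IV derived only from caller-supplied data, so it repeats."""
    iv = hashlib.sha256(app_id).digest()[:IV_LEN]
    return iv + xor(secret, keystream(wrapping_key, iv, len(secret)))

def wrap_hardened(wrapping_key: bytes, app_id: bytes, secret: bytes) -> bytes:
    """Hardened: IV comes from a CSPRNG inside the wrapper; app_id cannot fix it."""
    iv = secrets.token_bytes(IV_LEN)
    return iv + xor(secret, keystream(wrapping_key, iv, len(secret)))

def unmask(blob_a: bytes, blob_b: bytes, plain_b: bytes) -> bytes:
    """With a shared key and IV the keystream cancels: c_a ^ c_b ^ p_b == p_a."""
    return xor(xor(blob_a[IV_LEN:], blob_b[IV_LEN:]), plain_b)

def demo() -> dict:
    wrapping_key = secrets.token_bytes(32)  # constructed; stays on the trusted side
    protected = secrets.token_bytes(32)     # constructed secret inside blob 1
    known = bytes(32)                       # constructed plaintext inside blob 2
    app_id = b"com.example.app"             # hypothetical identifier
    leaked = {}
    for name, wrap in (("weak", wrap_weak), ("hardened", wrap_hardened)):
        blob1 = wrap(wrapping_key, app_id, protected)
        blob2 = wrap(wrapping_key, app_id, known)
        # True means the protected secret fell out without the wrapping key.
        leaked[name] = unmask(blob1, blob2, known) == protected
    return leaked

if __name__ == "__main__":
    print(demo())
```

The same cancellation applies to any cipher that XORs a keystream into the plaintext, which is why a repeated key and IV pair must never be reachable from untrusted input.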

Flaw ouch ouch

This attack method is effective against the Galaxy S8 and S9. On the models that followed, the system was overhauled and each new blob now gets a random number. Except that these smartphones still contain the old code, whose use can be forced. The researchers notified Samsung of the problem in July last year, and the manufacturer released a patch in October. However, this does not mean that everyone has it installed on their smartphone. If you own one of these models, we invite you to update quickly.
