Samsung Galaxy from S8 to S21 non-existent encryption

Researchers at Tel Aviv University have discovered "serious" design flaws in the encryption of Samsung smartphones, which allow intruders to obtain the device's cryptographic keys.

In addition, intruders could exploit Samsung's cryptographic errors - there are many CVEs - to degrade a device's security protocols. This of course makes phones vulnerable to attacks and in particular to a practice known as initialization vector IV attacks.s21 galaxy

Design flaws mainly affect devices that use ARM TrustZone technology. TrustZone splits a phone into two parts, the Normal world (for regular tasks such as Android OS) and the Secure world, which operates the security subsystem and where all sensitive resources are located. Secure world is only accessible to trusted applications used for security-sensitive functions, such as encryption.

Matthew Green, an associate professor of computer science at the Johns Hopkins Institute for Information Security, said on Twitter that Samsung had incorporated "serious flaws" in the way its phones encrypt key hardware in TrustZone.

Samsung phones at stake right now are all the models that were released from the Galaxy S8 of 2017 to the Galaxy S21 of last year.

  Nymaim from Europe to North America to Brazil

For more information:

threatpost.com
CVE-2021-25444, CVE-2021-25490

Follow us on Google News iGuRu.gr at Google news

Samsung Galaxy, iguru, galaxy s8, galaxy s21

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published.

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).


8 + 2 =