A major security flaw put sensitive user data on 100 million Samsung devices at risk of exposure.
Earlier this month, we reported on a security flaw in Apple iOS devices and Macs, but now it’s Samsung’s turn. Tel-Aviv University researchers have published a paper detailing a major security flaw in Samsung Galaxy phones going back to the Galaxy S9. The researchers estimate that Samsung shipped roughly 100 million devices with this security flaw that could have been exploited to extract hardware-protected cryptographic keys, which protect sensitive user data. The researchers first discovered the security flaw in the Galaxy S9 and reported the vulnerability to Samsung Mobile Security in May 2021. Samsung responded by issuing a patch in August 2021 that applied not only to the S9, but to a whole list of devices including the Galaxy J3 Top, J7 Top, J7 Duo, TabS4, Tab-A-S-Lite, A6 Plus, and A9S. However, before Samsung released this patch, the researchers reported to Samsung in July 2021 that they had discovered the security flaw again in the Galaxy S10 S20, and S21.
