28th February 2022, 05:48 | #1 |
[M] Reviewer Join Date: May 2010 Location: Romania
Posts: 153,575
Samsung botched encryption

From the 2017 Galaxy S8 on up to last year's Galaxy S21

Samsung apparently shipped more than 100 million of its smartphones with the encryption borked. Models ranging from the 2017 Galaxy S8 on up to last year's Galaxy S21 were shipped with design flaws which could have let attackers siphon the devices' hardware-based cryptographic keys.

The flaws were spotted by boffins at Tel Aviv University, who found what they called "severe" cryptographic design flaws that could have let attackers siphon the devices' hardware-based cryptographic keys: keys that unlock the treasure trove of security-critical data that's found in smartphones.

The cyber attackers could even exploit Samsung's cryptographic missteps -- since addressed in multiple CVEs -- to downgrade a device's security protocols. That would set up a phone to be vulnerable to future attacks: a practice known as IV (initialisation vector) reuse attacks. IV reuse attacks screw with the encryption randomization that ensures that even if multiple messages with identical plaintext are encrypted, the generated corresponding ciphertexts will each be distinct.

The design flaws ironically were in devices that use ARM's TrustZone technology, which is hardware support provided by ARM-based Android smartphones for a Trusted Execution Environment (TEE) to implement security-sensitive functions.

https://fudzilla.com/news/54434-sams...hed-encryption
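An added illustration, not part of the original post or of the research it cites: why a repeated IV removes the randomisation described above, and a check that flags repeated (key, IV) pairs in a set of encrypted records. An HMAC-SHA256 counter keystream stands in for a real cipher mode (an assumption, so the code runs on the Python standard library alone); all keys, IVs, plaintexts and record names are constructed sample values.

```python
import hashlib
import hmac
import os
from collections import Counter

def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy counter-mode keystream (stand-in for a real cipher, not AES)."""
    out, counter = b"", 0
    while len(out) < length:
        block_input = iv + counter.to_bytes(4, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: ciphertext = plaintext XOR keystream(key, iv)."""
    return xor(plaintext, keystream(key, iv, len(plaintext)))

def find_iv_reuse(records):
    """records: iterable of (key_id, iv, ciphertext).
    Returns the (key_id, iv) pairs that occur more than once."""
    counts = Counter((key_id, iv) for key_id, iv, _ in records)
    return sorted(pair for pair, n in counts.items() if n > 1)

def demo() -> dict:
    key = bytes(range(32))            # constructed key
    fixed_iv = b"\x00" * 12           # constructed, deliberately repeated IV
    p1 = b"PIN=1234;user=alice"       # constructed plaintexts, equal length
    p2 = b"PIN=9876;user=bobby"
    c1a = encrypt(key, fixed_iv, p1)
    c1b = encrypt(key, fixed_iv, p1)
    c2 = encrypt(key, fixed_iv, p2)
    fresh_a = encrypt(key, os.urandom(12), p1)
    fresh_b = encrypt(key, os.urandom(12), p1)
    return {
        # Same key, IV and plaintext: ciphertexts are byte-identical.
        "reused_iv_identical": c1a == c1b,
        # Same key and IV: the keystream cancels, exposing p1 XOR p2.
        "reused_iv_leaks_xor": xor(c1a, c2) == xor(p1, p2),
        # Fresh random IV per message: identical plaintext, distinct output.
        "fresh_iv_distinct": fresh_a != fresh_b,
    }

if __name__ == "__main__":
    print(demo())
```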