Millions of Samsung phones reportedly shipped with a major security flaw

Several Galaxy S8, Galaxy S9, Galaxy S10, Galaxy S20, and Galaxy S21 phone models were affected.
February 24, 2022
Oliver Cragg / Android Authority
TL;DR
  • Security researchers at Tel Aviv University in Israel found a significant security flaw in several Samsung phones.
  • The company reportedly shipped over 100 million devices with this flaw.

Samsung is usually pretty prompt with security updates for its phones, but according to a new report, the company shipped over 100 million devices with a major security flaw.

Researchers at Tel Aviv University in Israel found (via SamMobile) that several Samsung Galaxy S8, Galaxy S9, Galaxy S10, Galaxy S20, and Galaxy S21 models went to market with a security loophole that could have allowed hackers to steal sensitive information such as passwords.

The report claims that the phones did not store their cryptographic keys properly. The vulnerability was found in the TrustZone Operating System (TZOS) that runs alongside Android for security-sensitive functions on Samsung phones. The fault lay with the implementation of the cryptographic functions within the TZOS.

You can find the details of how the security researchers reverse-engineered the flaw here.

So how were you affected? Well, the problem remained hidden until recently. Anyone with one of the aforementioned models could have been targeted with the exploit. However, there’s no evidence that anyone was.

The good news is that Samsung has already patched the issues. Security researchers notified the OEM when they first discovered the problem. A fix was rolled out with the August 2021 security patch. The October 2021 security update also addressed a subsequent vulnerability.