Samsung has been on top of Android and security updates for the past few months. It was one of the first major Android OEMs to release Android 12 to its devices. The company also promises four years of major Android OS upgrades for its recently introduced Galaxy S22 series. However, this wasn't always the case.

According to security researchers at Tel Aviv University in Israel, Samsung shipped millions of Galaxy smartphones across various generations with a fatal security flaw that could've let hackers extract sensitive information from its devices. The researchers were able to confirm the security flaw in Samsung Galaxy S8, Galaxy S9, Galaxy S10, Galaxy S20, and Galaxy S21 smartphones.

According to the researchers, these phone models didn't store their cryptographic keys correctly, thereby opening up a backdoor and allowing hackers to easily extract information stored on the smartphones. As Sammobile notes, the vulnerability could have allowed hackers to extract information as important as passwords stored on the smartphones. A report from The Register says:

"Samsung failed to implement Keymaster TA properly in its Galaxy S8, S9, S10, S20, and S21 phones. The researchers reverse-engineered the Keymaster app and showed they could conduct an Initialization Vector (IV) reuse attack to obtain the keys from the hardware-protected key blobs."

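Why a reused IV matters for wrapped keys, shown as an added Python example that is not code from the researchers, The Register or Samsung. The page does not name the cipher mode, so this assumes a stream-style mode and uses an HMAC-SHA256 keystream as a stand-in; the wrapping key, IV and key material are constructed.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in keystream (assumption): HMAC-SHA256(key, iv || counter)."""
    out = b""
    for counter in range((n + 31) // 32):
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(key: bytes, iv: bytes, material: bytes) -> bytes:
    """Weak design: the caller supplies the IV, so it can be repeated."""
    return xor(material, keystream(key, iv, len(material)))

def wrap_fresh_iv(key: bytes, material: bytes):
    """Hardened design: the wrapping side draws a fresh random IV per blob."""
    iv = os.urandom(12)
    return iv, wrap(key, iv, material)

def cancel_keystream(blob_a: bytes, blob_b: bytes, known_b: bytes) -> bytes:
    """With one key and one IV, blob_a ^ blob_b == plain_a ^ plain_b."""
    return xor(xor(blob_a, blob_b), known_b)

# Constructed sample values, not taken from any device.
WRAPPING_KEY = hashlib.sha256(b"constructed device wrapping key").digest()
PROTECTED = b"protected-key-material-000000001"
KNOWN = b"caller-chosen-known-material-002"

def demo():
    iv = bytes(12)  # the same IV used for both blobs
    reused = cancel_keystream(wrap(WRAPPING_KEY, iv, PROTECTED),
                              wrap(WRAPPING_KEY, iv, KNOWN), KNOWN)
    _, blob_a = wrap_fresh_iv(WRAPPING_KEY, PROTECTED)
    _, blob_b = wrap_fresh_iv(WRAPPING_KEY, KNOWN)
    fresh = cancel_keystream(blob_a, blob_b, KNOWN)
    return reused, fresh

if __name__ == "__main__":
    reused, fresh = demo()
    print("same IV   -> protected material exposed:", reused == PROTECTED)
    print("fresh IVs -> protected material exposed:", fresh == PROTECTED)
```

The wrapping key never leaves `wrap`, yet the protected material is exposed as soon as two blobs share an IV; with an IV chosen by the wrapping side for every blob, the same calculation yields only noise.
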
Should you be worried about your Samsung Galaxy smartphone?

To answer it in one word, no. Samsung was notified of the flaw promptly after it was first discovered. The company worked on a patch and started to roll out a fix for all of these Galaxy models in August 2021. A subsequent patch was also issued in October of last year. However, if you have not installed the latest update on your Samsung Galaxy device, we highly recommend that you do so.

Source: Cryptology ePrint Archive | Via: Sammobile