Your bitcoins on Samsung Galaxy may be at risk

Key facts:
  • A study revealed vulnerabilities in TrustZone devices, which store encrypted data.

  • Weeks ago, the brand announced an integrated Bitcoin wallet on its Galaxy S22 model.

Mobile phones increasingly serve as a kind of “portable safe” that everyone carries in their pocket. For this reason, security is a primary topic for manufacturers, who turn to cryptographic designs to enhance their security. However, a study revealed flaws in Samsung phones that allowed data theft.

In the research conducted and published by Alon Shakivsky, Eyal Ronen and Avishai Wall, computer science experts at Tel Aviv University (Israel), Some of the security flaws seen on Samsung devices are detailed. The title of the study published on February 20, 2022 is Trust dies in the dark: shedding light on the design of Samsung’s TrustZone Keymaster.

As the study explains, Android smartphones use a hardware support called ARM TrustZone to create a Secure Execution Environment (TEE). TEE runs the TrustZone Operating System (TZOS) that is isolated from Android, that is, it runs in parallel with it.

Advertising

Thus, it performs the most sensitive functions in terms of security. To do this, it also uses encryption functions.

The work of Chakvsky and Ronin Wall I tested these features on the Samsung Galaxy S8, S9, S10, S20, and S21 phones. These models, according to these authors, cover more than 100 million devices.

The procedure chosen was to reverse engineer the cipher design and code structure, and The results showed significant failures. The security mechanisms of these devices were affected by the fourth reuse attack and the downgrade attack. These are two hacking techniques that aim, in short, to make systems more vulnerable and extract the protected data from the computer.

Advertising

Regarding the first method, IV reuse, the S9 only showed a vulnerability before downgrading the software. After that, everyone was vulnerable. Also, almost all computers were vulnerable to a downgrade attack. Only the S8 has proven its resistance to this technology.

Technically, this was the attack configuration implemented in the investigation. Source: eprint.iacr.org

Using these technologies, researchers have been able to steal information even “on the latest devices”. In addition, they claimed their attacks were able to affect “two high-level encryption protocols between TrustZone and a remote server”, as well as spoof a FIDO2 Web API login and “compromise” functionality. Secure key import google d.

Samsung wallets’ reputation may be affected

Given the discoveries of these computer scientists, Many Samsung products may lose credibility due to their security flaws. That might be the case for the wallet built into the new Galaxy S22 model, which CriptoNoticias recently reported. It should be noted, however, that this cell phone was not included in the said study.

These wallets have the ability to hold not only cryptocurrencies like Bitcoin (BTC), but also really sensitive personal information. For example, it stores bank account data, passwords, digital assets, identities, credit cards, and even boarding passes. You can also save “blockchain keys” through the use of Knox Vault, a hardware device built into the hardware to protect important information.

Therefore, the researchers say in the conclusion of their work, manufacturers Samsung and Qualcomm should review their security designs and not rely solely on the tests they perform. So far, the Korean company has not expressed itself regarding the results of this study.

 

 

 

 

 

Bitcoin Review

Leave a Comment