Samsung is well ahead of other Android phone makers, Google included, at delivering security updates. Even so, many of the phones the company sold over the past few years carried a security flaw that could have exposed them to attackers.
According to researchers at Tel Aviv University in Israel, several Galaxy S series phones did not store their cryptographic keys properly, allowing attackers to extract the information those keys protected. The issue was found to affect more than 100 million phones across the Galaxy S8, Galaxy S9, Galaxy S10, Galaxy S20 and Galaxy S21 models.
Samsung phones ship with a security layer called the TrustZone Operating System, or TZOS. It runs alongside the Android OS and performs the phone's cryptographic functions. According to the researchers, those cryptographic functions were implemented in a weak way inside the TZOS, with poorly documented links in the security chain. This gave attackers a workable route to the user's device and to information stored on it, such as passwords.
The researchers say they reported the issue to Samsung last year, and the company released security patches the same year. The first fix was rolled out with the August 2021 security patch, and a subsequent vulnerability was addressed with the October 2021 patch. Owners of the affected models can confirm they are covered by checking that their phone's security patch level is October 2021 or later.
Meanwhile, Samsung has launched its Galaxy S22 series. During the launch, the South Korean company announced that its flagship phones will receive four years of Android updates. Samsung confirmed this in a press release, saying it will deliver the “most up-to-date and more secure mobile experience possible for users by offering up to four generations of One UI and Android OS upgrades on select Galaxy devices.” By comparison, the Google Pixel 6 series offers ‘just’ three years of Android updates.