Research Paper Claims Samsung Shipped 100 Million Phones With Flawed Encryption

According to a research paper, Samsung reportedly shipped an estimated 100 million smartphones with botched encryption. In short, researchers at Tel Aviv University in Israel found that millions of Samsung Galaxy S8, Galaxy S9, Galaxy S10, Galaxy S20, and Galaxy S21 devices were shipped to customers with a security loophole that could have allowed hackers to steal sensitive information:

ARM-based Android smartphones rely on the TrustZone hardware support for a Trusted Execution Environment (TEE) to implement security-sensitive functions. The TEE runs a separate, isolated, TrustZone Operating System (TZOS), in parallel to Android. The implementation of the cryptographic functions within the TZOS is left to the device vendors, who create proprietary undocumented designs.

In this work, we expose the cryptographic design and imple- mentation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws. We present an IV reuse attack on AES- GCM that allows an attacker to extract hardware-protected key material, and a downgrade attack that makes even the latest Samsung devices vulnerable to the IV reuse attack. We demonstrate working key extraction attacks on the latest devices. We also show the implications of our attacks on two higher-level cryptographic protocols between the TrustZone and a remote server: we demonstrate a working FIDO2 WebAuthn login bypass and a compromise of Google’s Secure Key Import.

We discuss multiple flaws in the design flow of TrustZone based protocols. Although our specific attacks only apply to the ≈100 million devices made by Samsung, it raises the much more general requirement for open and proven standards for critical cryptographic and security designs.


The good news is that the researchers approached Samsung last May and July with the details of the vulnerabilities. Then Samsung fixed them via patches that went out to the affected devices. But here’s where I would be nervous if I were a Samsung user. Unlike iPhone in which every iPhone on Earth gets patched at roughly the same time, Android phones in general don’t get the same treatment. Patches might come from Samsung, Google, or your carrier. And they may be region specific. Thus it may take weeks or months before a patch hits your phone. If it hits your phone at all. So it is possible that not all of the phone that were affected by this are patched. And that’s a problem as it’s a safe bet that threat actors are looking at this paper and seeing how they can exploit any phone that still has these flaws. Thus my advice would be to make sure that your Samsung phone is running the latest security update. More info on that can be found here.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: