IF YOU LIVE IN THE PAST then best pick your ears up as researchers have found Samsung’s Galaxy S7 is vulnerable to hacking due to a chip security flaw.
Researchers from Graz Technical University in Austria told Reuters that they’d discovered a way to exploit the Meltdown flaw to hack Galaxy S7 smartphones.
While the Meltdown and Spectre flaws are often uttered in the same breath, the former is more limited and arguably dangerous than the latter.
Meltdown can be used to carry out side-channel attacks to extract sensitive data after attackers gain unauthorised access to a system’s memory space. Such an attack was initially thought to only affect Intel processors, but it also appeared to affect SoCs using designed based on ARM’s Cortex-A75 processors; think the Qualcomm Snapdragon 845.
However, the Galaxy S7 runs either a Snapdragon 820 or Exynos 8890 chipset, depending on the nation the handset was sold in. Said chips don’t contain Cortex-A75 based CPUs, so, until now, wasn’t thought to be vulnerable to Meltdown.
However, the aforementioned researchers have found a fresh Meltdown exploit in the older chipsets, which they claim could mean the Meltdown flaw can affect a heck of a lot more phones than originally thought.
“There are potentially even more phones affected that we don’t know about yet,” researcher Michael Schwarz told Reuters. “There are potentially hundreds of millions of phones out there that are affected by Meltdown and may not be patched because the vendors themselves do not know.”
Samsung told Reuters that is had rolled out patches in January and July to protect the Galaxy S7 from Meltdown, so if you own the handset, don’t lob it into the bin just yet.
“Samsung takes security very seriously and our products and services are designed with security as a priority,” a Sammy spokesperson said.
The researchers haven’t spilled the beans on what chipset in the Galaxy S7 was used to find the exploit, nor indeed any further technical details; those seem to be reserved for the release of the findings at this year’s Black Hat security conference in Las Vegas.
So we’ll have to wait and see just how they’ve apparently managed to exploit Meltdown in this case and if it poses a big risk to millions upon millions of smartphones. µ
Source : Inquirer