The world’s largest smartphone maker shipped roughly 100 million phones with broken encryption, putting its customers at risk.
Modern smartphones rely on encryption to protect data on-device. Android and iOS store the hardware-based encryption keys on the device, taking extreme measures to protect them, given they form the basis of smartphone security.
Unfortunately for Samsung users, the company’s cryptographic design was severely flawed. According to Threatpost, researchers at Tel Aviv University discovered the flaw, which makes it possible for attackers to gain access to the cryptographic keys. Researchers are already condemning the company for its amateurish handling of basic cryptographic principles.
“Loosely speaking, AES-GCM needs a fresh burst of securely chosen random data for every new encryption operation – that’s not just a ‘nice-to-have’ feature, it’s an algorithmic requirement,” Paul Ducklin, principal research scientist for Sophos, told Threatpost. “In internet standards language, it’s a MUST, not a SHOULD. That fresh-every-time randomness (12 bytes’ worth at least for the AES-GCM cipher mode) is known as a ‘nonce,’ short for Number Used Once – a jargon word that cryptographic programmers should treat as a *command*, not merely as a noun.”
Unfortunately, Samsung didn’t use the numbers just once.
“Indeed, it allowed an app running outside the secure encryption hardware component not only to influence the nonces used inside it, but even to choose those nonces exactly, deliberately and malevolently, repeating them as often as the app’s creator wanted,” Ducklin continued.
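Why a repeated nonce breaks AES-GCM, as an added example (not code from Samsung, Threatpost or the researchers): two messages sealed under one key and one nonce share a keystream, so XORing the ciphertexts gives the XOR of the plaintexts. The function names, sample plaintexts and all-zero nonce are constructed for illustration; the hardened variant draws the nonce itself instead of accepting one from the caller.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func fresh(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil { // OS CSPRNG
		panic(err)
	}
	return b
}

// newAEAD stands in for a key held inside a trusted component (hypothetical).
func newAEAD() cipher.AEAD {
	block, _ := aes.NewCipher(fresh(32)) // 32-byte key: cannot fail
	aead, _ := cipher.NewGCM(block)      // 16-byte block cipher: cannot fail
	return aead
}

// Weak: the caller supplies the nonce and can repeat it under the same key.
func sealCallerNonce(a cipher.AEAD, nonce, pt []byte) []byte {
	return a.Seal(nil, nonce, pt, nil)
}

// Hardened: the nonce is drawn inside the component; output is nonce||ct||tag.
func sealFreshNonce(a cipher.AEAD, pt []byte) []byte {
	nonce := fresh(a.NonceSize())
	return a.Seal(nonce, nonce, pt, nil)
}

// sameKeystream reports whether c1^c2 == p1^p2, i.e. one keystream hid both.
func sameKeystream(c1, c2, p1, p2 []byte) bool {
	diff := byte(0)
	for i := range p1 {
		diff |= c1[i] ^ c2[i] ^ p1[i] ^ p2[i]
	}
	return diff == 0
}

func main() {
	a, p1, p2 := newAEAD(), []byte("constructed key A"), []byte("constructed key B")
	iv, n := make([]byte, 12), a.NonceSize() // constructed nonce, used twice below
	fmt.Println("repeated nonce leaks:", sameKeystream(sealCallerNonce(a, iv, p1), sealCallerNonce(a, iv, p2), p1, p2))
	fmt.Println("fresh nonces leak:", sameKeystream(sealFreshNonce(a, p1)[n:], sealFreshNonce(a, p2)[n:], p1, p2))
}
```
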
The issue impacts a wide range of models, from the 2017 Galaxy S8 to 2021’s Galaxy S21.
There’s no excuse for any company to be so cavalier in its handling of something as important as encryption. For a company with Samsung’s experience and resources to so blatantly ignore basic security principles is almost criminal.