back to article Samsung shipped '100 million' phones with flawed encryption

Academics at Tel Aviv University in Israel have found that recent Android-based Samsung phones shipped with design flaws that allow the extraction of secret cryptographic keys. The researchers – Alon Shakevsky, Eyal Ronen, and Avishai Wool – describe their work in a paper titled, "Trust Dies in Darkness: Shedding Light on …

  1. Snake Silver badge

    But...

    "However, they responsibly disclosed their findings to Samsung in May 2021, which led to the August 2021 assignment of CVE-2021-25444 to the vulnerability, and a patch for affected devices."

    How many devices actually received the patch?? As you well know, in the America most mobes are sold carrier-direct, locked to said carrier and with installed and locked bloatware. Most times it is up to the carrier to approve and forward OS upgrades.

    1. Anonymous Coward
      Anonymous Coward

      Re: But...

      that sinking feeling when you know you're up a creek without an update ...

    2. iron

      Re: But...

      My S8+ (the oldest model listed) is still receiving monthly security patches.

      Samsung are actually pretty good with patch support for older models.

    3. ecarlseen

      Re: But...

      Apple is excellent about patching (and strictly prohibits third-party app bundling on any hardware they sell) and Samsung has gotten much better about patching as well. This is mostly a problem with the smaller vendors.

  2. YetAnotherJoeBlow

    yet again...

    For the life of me, why does industry refuse consultations with academia on encryption? It is beyond incompetence, it is malfeasance.

    1. The Basis of everything is...

      Re: yet again...

      Maybe they did? With all the universities world wide and the 100's of people of are legitimate experts in encryption, who do you go to?

      And how do you know they're actually any good and not in the pay of or subject to pressure from others who would like to have a slight glitch in your encryption implementation?

      Yep, it's a rabbit hole once you start poking around those sorts of questions. Possibly even a tinfoil lined rabbit hole...

    2. Kevin McMurtrie Silver badge
      Trollface

      Re: yet again...

      Academia? Like, Stack Overflow? Just pick something, make it a byte array, and you're good.

  3. cookieMonster Silver badge
    Big Brother

    A bug

    Or state mandated implementation??

  4. Tom 7

    Ah shit. That means

    I'm going to have to find the phone I rarely use to see what model it was in case someone other than google/meta are eavesdropping on my food orders that all end in 'sorry we dont deliver there' no matter how much I order.

    There are some benefits of living in the sticks - especially when stormy weather saves you cutting your own sticks!

  5. Anonymous Coward
    Anonymous Coward

    My Question Is…

    Does #Vlad The Invader use Android?

  6. ThatOne Silver badge
    Facepalm

    "Told you so" moment

    That's why one shouldn't ever trust "TrustZone"-type malarkey.

    Shiny shiny happy feature which promises the world, but will infallibly let you down in ways you hadn't ever dreamed of.

    (The worst part is I'm not even a Luddite! Just a normal guy who's wary of wishful thinking.)

    1. Anonymous Coward
      Anonymous Coward

      Re: "Told you so" moment

      At the tech company I work for (no, not Samsung) it has always been drummed into us that you never, ever describe a technology or feature as “secure”. The phrase to use is “more secure”. There are no absolutes in this field, and even our most gung-ho and over-excitable marketroids wouldn’t risk setting us up for embarrassment in that way.

      1. ThatOne Silver badge

        Re: "Told you so" moment

        > The phrase to use is “more secure”.

        I'm not convinced "more secure" does fit here either. I definitely think "additional, different set of potential vulnerabilities" is the only right qualifier: The more complex something becomes, the more potential for vulnerabilities it carries, and by adding security warts on something which wasn't built with safety in mind, you don't solve much, you just increase the attack surface. IMHO.

        1. fidodogbreath

          Re: "Told you so" moment

          I'm not convinced "more secure" does fit here either.

          Depends on the baseline for the comparison. Sammie's implementation is "more secure" than storing everything in an ASCII file named TRUSTZONE_CRYPTOGRAPHIC_KEYS.TXT.

      2. crayon

        Re: "Told you so" moment

        Just like the washing powder companies say to their marketing droids - there is no such thing as "white", only "whiter than white".

  7. Pascal Monett Silver badge

    Why leave implementation to the vendors ?

    It would seem that a proper encryption scheme should also have a default implementation function/procedure.

    Encryption is difficult. Even if you (like me) have no idea how difficult it actually is, there's largely enough history to demonstrate that fact.

    So don't leave it up to the vendors. If you create an encryption scheme, give a default, secure, functional scheme that vendors can rely on.

    That way, if they go their own route and screw up, it's entirely their own fault, whereas here you kinda built the scaffold for them to hang themselves.

    1. A random security guy

      Re: Why leave implementation to the vendors ?

      Most processor vendors do provide the tools. Android also comes with the tools. Time and again I have seen engineers neuter the systems as it is too hard to wrap their heads around the system. I see fixed keys all the time.

      The additional problem is that Samsung is also the processor vendor.

  8. A random security guy

    Typical Samsung

    This is the most basic of most encryption and they messed it up. AES-GCM is especially brittle to this attack IIRC. I guess the word "counter" did not register.

  9. Christoph

    Keymaster?

    They had the Keymaster but not the Gatekeeper.

  10. herman Silver badge

    AES128

    The Linux AES128 shipped with Chinese devices (radio data links for example) is broken and usually does absolutely nothing useful. That amounts to millions of devices also.

    1. Anonymous Coward
      Anonymous Coward

      Re: AES128

      A Chinese government requirement.

  11. Winkypop Silver badge
    Big Brother

    To some a flaw

    To others a feature

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like