Researchers at Tel Aviv University in Israel found (via SamMobile) that several Samsung Galaxy S8, Galaxy S9, Galaxy S10, Galaxy S20, and Galaxy S21 models went to market with a security loophole that could have allowed hackers to steal sensitive information such as passwords. The report claims that the phones did not store their cryptographic keys properly.
People store their entire life on their cell phones – be it pictures, videos, banking information, tax documents, passwords, and social security numbers. This data needs to be encrypted to ensure that it cannot be recovered in the event that the phone is lost. In this particular flaw, the algorithm that Samsung utilized for encrypting this sensitive data was implemented incorrectly which allowed these researchers to be able to access this information without any authorization.
How can one protect themselves of these types of threats when a device goes missing? Ensure that you have the ability to remotely erase a device immediately after you suspect it has been lost. Change passwords on all of your accounts, and enable multi-factor authentication to add another layer of defense to your accounts. The key to preventing information disclosure is to be security aware and conscious of the types of passwords (do you reuse the same password?) that you are using to access these critical services.
