Samsung Galaxy S7 vulnerable to Meltdown hack

By
Samsung Galaxy S7 vulnerable to Meltdown hack

The flaw potentially effects tens of millions of users that still own the S7.

Samsung's Galaxy S7 range of smartphones contained a security flaw that made it vulnerable to the Meltdown exploit, potentially putting tens of millions of users at risk of hacking.

Both the Meltdown and Spectre vulnerabilities first emerged earlier this year when it was discovered that the majority of modern processors were susceptible to a design flaw. Meltdown, which mainly affects Intel processors, allowed hackers to potentially 'melt' or bypass a system's hardware layer that would otherwise protect the memory layer.

This would effectively mean criminals could gain access to user data they wouldn't normally be able to.

Researchers from Graz Technical University in Austria revealed to Reuters this week that they had discovered a way to exploit this vulnerability on S7 smartphones, devices that were previously thought to be immune.

 

Alongside Intel processors, those based on the ARM architecture and a handful of IBM chips were also found to be vulnerable. Samsung has always used a combination of Qualcomm (for US devices) and in-house Exynos chips in its smartphone line, the latter being ARM-based and therefore vulnerable in theory.

"There are potentially even more phones affected that we don't know about yet," said researcher Michael Schwarz, speaking to Reuters. "There are potentially hundreds of millions of phones out there that are affected by Meltdown and may not be patched because the vendors themselves do not know."

Samsung said it had already released a patch to fix the exploit. There are no known reports of Samsung devices being exploited in this way in the wild, however, the patch was only made available last month, which could mean there are millions of devices still vulnerable.

"Samsung takes security very seriously and our products and services are designed with security as a priority," said a Samsung spokesperson, in a statement to Reuters.

Rob Shapland, principal cyber security consultant at Falanx Group, told IT Pro: "While it was initially thought not to affect the Samsung Galaxy S7, new research that will be published at the Black Hat conference shows that it is possible to exploit the S7, and quite possibly many other devices, to steal information.

"For Samsung users, the fix is simple, as the company have already released a patch to fix the problem. This will be installed by anyone running an update on their phone, but it can take a while for people to do this. There are no known examples of the vulnerability being used on Samsung devices as yet, but it still very important that owners of the S7 ensure their phone is up to date."

Samsung reportedly sold as many as 48 million S7 units within the first year of its launch, and its thought 30 million are still in use.

Copyright © ITPro, Dennis Publishing
Tags:

Most Read Articles

iOS 12 hands-on: 6 things we love (and 3 we don’t) about Apple’s latest OS

iOS 12 hands-on: 6 things we love (and 3 we don’t) about Apple’s latest OS

Sony celebrates 500m PlayStations sold with translucent PS4 Pro

Sony celebrates 500m PlayStations sold with translucent PS4 Pro

Is a Nintendo Switch Virtual Console coming as Nintendo bans retro ROM resources?

Is a Nintendo Switch Virtual Console coming as Nintendo bans retro ROM resources?

Apple AirPods 2: Wireless charging case revealed in iOS 12 beta images

Apple AirPods 2: Wireless charging case revealed in iOS 12 beta images

Would you like to receive

Our Newsletter?