Samsung Galaxy S7 smartphones vulnerable to hacking – Researchers

Samsung

Samsung’s Galaxy S7 smartphones contain a microchip security flaw,
uncovered earlier this year, that put tens of millions of devices at risk to hackers looking to
spy on their users, researchers has said.

The Galaxy 7 and other smartphones made by Samsung Electronics (005930.KS) were previously thought to be
immune to a security vulnerability known as Meltdown, which researchers said affected most of the
world’s PCs, smartphones and other computing devices.

Researchers from Austria’s Graz Technical University told Reuters they have figured out a way to exploit
the Meltdown vulnerability to attack Galaxy S7 handsets.

The team plans to release their findings on Wednesday at the Black Hat security conference in Las Vegas.

They are looking into Meltdown’s impact on other makes and models of smartphones and expect to uncover
more vulnerable devices in the near future, researcher Michael Schwarz told Reuters.

“There are potentially even more phones affected that we don’t know about yet,” he said.

“There are potentially hundreds of million of phones out there that are affected by Meltdown and may
not be patched because the vendors themselves do not know.”

Samsung said it created a patch to protect Galaxy S7 handsets against Meltdown that it began pushing
out to affected users last month.

“Samsung takes security very seriously and our products and services are designed with security as
a priority,” the company said in a statement.

A Samsung spokeswoman declined to say how many Galaxy S7s were vulnerable to Meltdown attacks.

She said there were no reported cases where Meltdown had been exploited to attack an S7 handset and that
no other Samsung phones were known to be vulnerable.

Meltdown, and a second vulnerability known as Spectre, can be exploited to reveal the contents of a computer
device’s central processing unit – designed to be a secure inner sanctum.

Hackers can exploit those vulnerabilities by either bypassing hardware barriers or tricking applications
into giving up secret information such as passwords or banking details.

There are no known cases of hackers exploiting either vulnerability in a real-world attack, but disclosure
of the widespread hardware flaws has rocked the computer industry, forcing chipmakers and device
manufacturers to scramble to contain the fallout.

The Galaxy S7 is currently used by some 30 million people, according to research firm Strategy Analytics.

Samsung has released two new versions of its flagship Galaxy line of smartphones since the S7 debuted
in 2016.