Samsung’s Galaxy S7 smartphones contain a microchip security flaw that made it vulnerable to Meltdown exploit, potentially putting tens of millions of devices at risk of hacking.
Uncovered last year, Meltdown mainly affects Intel processors that allowed hackers to 'melt' or bypass a system's hardware layer that would otherwise protect the memory layer. And since many operating systems map physical memory, kernel processes, and other running user space processes into the address space of every process, Meltdown effectively makes it possible for a rogue process to read any physical, kernel or other processes' mapped memory—regardless of whether it should be able to do so.
This simply means hackers could gain access to user data they wouldn't normally be able to.
According to researchers at Austria’s Graz Technical University, Meltdown was present in most of the world’s PCs, smartphones including Samsung’s Galaxy S7 range and other computing devices.
However, in January, Samsung said it has rolled out security patches to protect Galaxy S7 handsets from Meltdown followed by a further software update in July.
“Samsung takes security very seriously and our products and services are designed with security as a priority,” Samsung said in a statement.
But Graz’s researcher’s told Reuters this week that they had discovered a way to exploit this vulnerability on S7 smartphones, devices that were previously thought to be immune.
The Graz team plans to reveal its findings at the Black Hat security conference in Las Vegas.
“There are potentially even more phones affected that we don’t know about yet. There are potentially hundreds of millions of phones out there that are affected by Meltdown and may not be patched because the vendors themselves do not know,” said researcher Michael Schwarz.
According to market research firm Strategy Analytics, the Samsung Galaxy S7 is used by over 30 million users worldwide. Samsung has also updates its Galaxy line of smartphones since the S7 debuted in 2016.
“There were no reported cases where Meltdown had been exploited to attack an S7 handset and that no other Samsung phones were known to be vulnerable,” a Samsung spokeswoman commented.
Also, there are no reported cases of hackers exploiting Meltdown vulnerability in a real-world attack, but the discovery of the widespread hardware flaws has put the industry to shame, forcing chipmakers and device manufacturers to look deeper into the security of devices.
