Samsung Galaxy S5 Security Hole Discovered
The Black Hat Conference held in Las Vegas a few days ago has revealed something that will spook Android phone users around the world. It is a security vulnerability that stems from a feature designed with the intention of making phones more secure.
But the ARM TrustZone, as the feature is known, was found to have a weakness which people with not to good intentions can use to breach your computer system’s defences and run malicious software.
Dan Rosenburg, an Android security expert who works with Azimuth Security, found the vulnerability in TrustZone’s ability to divide software systems into the part which the user sees and interacts with and another part which is private. In theory, this should keep malicious software from getting to the critical functions of the phone in the OS.
But this very feature can be used by a clever hacker to bypass the system security and run malicious code in the critical area of the OS. TrustZone is a feature common in devices that run on Qualcomm’s Snapdragon processors which are all the rave in the latest smartphones. Among the phone makers who have equipped their phones with Snapdragon chips are HTC, Samsung and Google (in the Nexus 5).
Users of the HTC One series of smartphone and those who have purchased the hugely popular Samsung Galaxy S5 are at risk.
Any malicious and savvy hacker can be able to unlock the bootloader of these devices and insert harmful code.
This is the chilling news Rosenberg presented during the conference, demonstrating the process using the Moto X. He did not go into details of the exact methodology that hackers can use to bypass security restrictions; he gave an overview of how it can happen in an engaging presentation. This is not the first time he has done it; Rosenberg has uncovered numerous Android security flaws in the past.
However, users of Samsung Galaxy S5 and the HTC One can rest easy as the two companies have released a patch that addresses this security gap. Rosenberg published his findings in July and so, like he reassured android users, the problem could have already been addressed by phone makers by now.
In fact, Qualcomm recently released a statement to that effect saying, “We’re aware of this issue and have already made available software updates for our impacted customers to address the reported vulnerabilities.”