Do you remember the Meltdown and Spectre flaws? Revealed back in January, they are the two major vulnerabilities that affect every processing chip made in the last two decades.
The flaws are in all computer processors including home computers, mobile devices, and servers. This includes Linux, Windows, macOS, Android and iOS gadgets. Not only that, they are probably the worst bugs found in processors ever and they should fundamentally change how chips will be designed moving forward.
Listen to this free Komando Consumer Tech Update and see why the Intel chip flaw is just another case of a company not being upfront with its customers.
With these flaws, hackers can potentially read and steal sensitive information such as passwords, encryption keys, login info, files and even spy on you, so it’s critical that patches are deployed. In fact, one way or another, almost every major tech company has already issued fixes to protect their products from the Meltdown and Spectre flaws.
However, one smartphone that was previously thought to be immune to the flaws has been discovered to be vulnerable too. Read on and see why this popular smartphone can be targeted.
Samsung Galaxy S7 phones are vulnerable
Spoiler alert. Samsung Galaxy S7 smartphones were confirmed to be vulnerable to the Meltdown chip flaws.
This was disclosed by security researchers Graz Technical University in Austria to Reuters as they found a method to exploit the vulnerability to hack Galaxy S7 smartphones.
It was previously thought that Samsung Galaxy S7 phones are immune to the Meltdown and Spectre flaws since they use either a Qualcomm Snapdragon 820 or Samsung’s own Exynos 8890 processor, chips that are not based on any Intel, AMD nor ARM components.
Although the Galaxy S7 is an older phone, it is owned by more than 30 million consumers.
This shouldn’t come as a surprise though since Meltdown and Spectre take advantage of flaws in a process called “speculative execution,” a capability built into every modern processor.
Refresher: Speculative execution makes chips faster by allowing them to predict what tasks your gadget may need and execute them beforehand whether you actually need a task or not. If a task is not needed, then it is discarded.
Since Qualcomm and Samsung are most likely using the same optimization techniques to make their chips faster, it’s not a stretch to think that they are affected by the same vulnerabilities.
More smartphones are now at risk
Qualcomm Snapdragon processors are widely used, especially with Android smartphones, and this means that the number of smartphones vulnerable to the same chip flaws may have just dramatically increased.
This discovery also puts newer Samsung smartphones like the Galaxy S8 and the S9 into question since they also use Qualcomm and Exynos chipsets.
“There are potentially even more phones affected that we don’t know about yet,” Graz Technical University’s Michael Schwarz told Reuters. “There are potentially hundreds of million of phones out there that are affected by Meltdown and may not be patched because the vendors themselves do not know.”
The security researchers have not disclosed their method of exploit but they will present their findings during this year’s Black Hat software security conference in Las Vegas.
In response to Graz Technical University’s claims, Samsung told Reuters that it already rolled out Meltdown patches to its handsets in January and July, including the Galaxy S7.
“Samsung takes security very seriously and our products and services are designed with security as a priority,” a Samsung spokesperson said in a statement.
Do you have the latest updates?
However, although the software fixes are out, rollouts for Android phones will depend on the carrier and the phone manufacturers themselves. Always check for the latest updates for your Android gadget and apply them as soon as you can.
To manually update your Android gadget, go to Settings >> scroll down, click on ‘About Phone‘ or ‘About Tablet.‘ (If you have a tabbed settings menu then this will appear in the ‘general‘ section) >> click software update >> click install now, install overnight, or later.