Samsung Galaxy S7 has been found to have a vulnerability that could put the device at the risk of hacking. The smartphone has been found to contain a microchip security flaw that hackers can exploit to spy on users.
The Galaxy S7 and other smartphones made by Samsung has been found vulnerable to security threat known as Meltdown, which was disclosed early this year. Meltdown was initially believed to not affect smartphones made by the Korean firm. Researchers had initially said that Meltdown and similar vulnerabilities affect devices powered by chips from Intel, AMD and ARM and were found affecting chip design dating back more than 20 years.
Now, researchers at Austria’s Graz Technical University have figured out a way to exploit the Meltdown vulnerability to attack Samsung-made Galaxy S7 smartphones. In response to the researchers, Samsung said that it has rolled out security patches to protect Galaxy S7 handsets from Meltdown in January followed by another security patch in July. “Samsung takes security very seriously and our products and services are designed with security as a priority,” the company said in a statement.
On Thursday, the Graz University team plans to release its findings around the exploit on Galaxy S7 at the Black Hat Security conference in Las Vegas. Apart from Galaxy S7, the team is also looking into impact of Meltdown on other makes and models of smartphones. It hopes to uncover more such smartphones affected by a vulnerability that was disclosed early this year.
“There are potentially even more phones affected that we don’t know about yet. There are potentially hundreds of million of phones out there that are affected by Meltdown and may not be patched because the vendors themselves do not know,” researcher Michael Schwarz told Reuters.
Watch: Samsung Galaxy S9+ Video Review
Research firm Strategy Analytics estimates over 30 million people to be using Galaxy S7 worldwide and Samsung is not confirming how many models it sold. Meltdown and second vulnerability called Spectre can be exploited to reveal the contents of a chip that is generally secure and cannot be seen by lower level programs. However, hackers can bypass that hardware barrier or trick applications to behave like higher level programs and get access to CPU information.
Since Meltdown and Spectre were made public, there is no known cases of attack using these vulnerabilities. But the disclose of Galaxy S7 being vulnerable despite Samsung‘s assurance that it has patched the device comes as a worry.