Samsung Shipped 100 Million Galaxy S Devices With 'Fatal' Security Flaw

Apple's iOS may easily win the contest for being the most secure mainstream operating system for smart devices. But while Android has traditionally lagged behind iOS in this area, continuous efforts on the part of Google over the years have made Android more secure than ever. Interestingly, even before Google began making concerted efforts to improve user privacy on Android, one of the biggest proponents of the Google-owned mobile operating system was already a step ahead in this regard.

The company we're talking about here is Samsung – which took matters like privacy and user data very seriously way before it was cool. Samsung's commitment to security and privacy could be gauged from the fact that the company had its own security protocol – Samsung Knox – that came preinstalled on several of its smartphones as far back as 2013.

This is precisely why researchers at Tel Aviv University were surprised when they discovered a potentially dangerous security flaw in not just one, but an entire range of Samsung smartphones spread across multiple generations. According to Sammobile, the security flaw affected several handsets that the company launched in the four-year period beginning February 2017.

What was even more concerning was that Samsung was seemingly oblivious to this problem, and this flaw lay undetected for more than five years until the Israeli researchers chanced upon it. According to them, this security flaw could have been exploited by hackers to extract private information from affected devices without user consent.

What did the researchers find?

The basis of the report is a 2021 study conducted by researchers from Tel Aviv University that shed light on Samsung's implementation of security-sensitive functions on several of its devices in the period between 2017 and 2021. The report is highly technical in nature and will make sense mostly to security and cryptography experts.

However, the gist of the findings makes it amply clear that Samsung – the world's top smartphone maker – shipped more than 100 million of its flagship-class phones that had a potentially dangerous security flaw. According to the researchers, the vulnerability primarily affected five generations of Samsung Galaxy S series devices, starting with the Samsung Galaxy S8. The Galaxy S8 series debuted all the way back in 2017.

The flaw continued to remain unpatched, even as Samsung went on to release four new generations of Galaxy S series phones ranging from the Galaxy S9 and S10 to the Galaxy S20 and then the S21 series of 2021 — all of which were potentially at risk during the entire time.

Should you be worried?

While it is concerning that Samsung engineers did not detect this flaw for several years, the Tel Aviv researchers were quick to share their new findings with Samsung. The Korean smartphone company took swift action and issued a series of software updates that patched the security flaw once and for all. The first security patch was issued in August 2021. Samsung followed that up with a second patch, which was part of the Android security update for October 2021.

These patches were issued as part of regular software updates, and with most of the affected handsets still eligible for updates, all users who updated their old Galaxy S flagships to the latest software should no longer be worried. In case you have still not updated your old Galaxy S smartphone to the newest software version, now might be a good time to do it.

Interestingly, Samsung's security patch for the issue also trickled down to devices like the Galaxy 3 Top, J7 Top, J7 Duo, the Galaxy Tab S4, Tab-A, Tab-S-Lite, the Galaxy A6 Plus, and the Samsung Galaxy A9S — all of which, the company believed, could also have been affected by the problem.

If you happen to own one of these affected devices, the only thing you need to do to protect yourself is to hit that software update button. Simply ensuring that your phone and tablet are on the latest Android security patch and preferably the newest firmware is a healthy practice and is more than enough to keep your phone and the personal data on it safe from prying eyes.

Even though this incident does raise questions about Samsung's security practices – especially given that the issue remained undetected for an unusually long period of time – it is pertinent to note that the company was quick in taking preventive action.

Incidentally, this is not the first time that Samsung has been at the receiving end of security-related concerns. In 2019, the company had to issue a security patch for the Galaxy S10 after users were able to unlock the phone using a finger they had not registered to the phone.