Meltdown and Spectre: Samsung Galaxy S7 vulnerable to Meltdown hack

The flaw potentially affects tens of millions of users who still own an S7

Samsung's Galaxy S7 range of smartphones contained a security flaw that made it vulnerable to the Meltdown exploit, potentially putting tens of millions of users at risk of hacking.

Both the Meltdown and Spectre vulnerabilities first emerged earlier this year when researchers disclosed that the majority of modern processors were susceptible to design flaws in speculative execution. Meltdown, which mainly affects Intel processors, lets an attacker 'melt' the hardware boundary that normally stops ordinary applications from reading kernel memory.


In effect, this means criminals could read user data held in memory that they would not normally be able to access.

Researchers from Graz Technical University in Austria revealed to Reuters this week that they had discovered a way to exploit this vulnerability on S7 smartphones, devices that were previously thought to be immune.

Alongside Intel processors, those based on the ARM architecture and a handful of IBM chips were also found to be vulnerable. Samsung uses a combination of Qualcomm Snapdragon (for US devices) and in-house Exynos chips in its smartphone line; both implement the ARM architecture, so the S7 was vulnerable in theory.

"There are potentially even more phones affected that we don't know about yet," said researcher Michael Schwarz, speaking to Reuters. "There are potentially hundreds of millions of phones out there that are affected by Meltdown and may not be patched because the vendors themselves do not know."


Samsung said it had already released a patch to fix the exploit. There are no known reports of Samsung devices being exploited in this way in the wild; however, the patch was only made available last month, which could mean millions of devices remain unpatched.


"Samsung takes security very seriously and our products and services are designed with security as a priority," said a Samsung spokesperson, in a statement to Reuters.

Rob Shapland, principal cyber security consultant at Falanx Group, told IT Pro: "While it was initially thought not to affect the Samsung Galaxy S7, new research that will be published at the Black Hat conference shows that it is possible to exploit the S7, and quite possibly many other devices, to steal information.

"For Samsung users, the fix is simple, as the company have already released a patch to fix the problem. This will be installed by anyone running an update on their phone, but it can take a while for people to do this. There are no known examples of the vulnerability being used on Samsung devices as yet, but it is still very important that owners of the S7 ensure their phone is up to date."


Samsung reportedly sold as many as 48 million S7 units within the first year of its launch, and it's thought 30 million are still in use.

Spectre variant 1 modified to read System Management Mode memory

The Spectre CPU vulnerability can be exploited to read memory belonging to System Management Mode (SMM), a highly privileged operating mode of Intel x86 processors that was previously thought to be out of reach of the critical flaw.

Yuriy Bulygin, the former head of Intel's advanced threat team, explored the vulnerability in research conducted by his new security company Eclypsium. He modified a Spectre variant 1 attack, running with kernel privileges, to test whether it could reach a system's firmware and read code and data in SMM, which is supposed to be an isolated region of the BIOS or UEFI firmware. SMM memory is meant to be so well protected, by the processor's system management range registers, that even the kernel or a hypervisor cannot access it.


In normal operation, the CPU enters SMM in response to a System Management Interrupt: the operating system is suspended while firmware code handles critical tasks such as power management or hardware control. SMM code runs at a higher privilege than the kernel, and the memory it uses is inaccessible to any software running outside it.


However, Bulygin's research revealed that modified code for Spectre variant 1, known as CVE-2017-5753, was able to read the contents of SMM memory.

"These enhanced Spectre attacks allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as SMM memory," the report explained. "This can expose SMM code and data that was intended to be confidential, revealing other SMM vulnerabilities as well as secrets stored in SMM."

Eclypsium said that although this research relates to Spectre variant 1, variant 2 could be modified in the same way, resulting in a similar vulnerability.

Intel commented that the patches already rolled out for the original flaws are sufficient to protect against this new variant of the attack.
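The research above applies the Spectre variant 1 gadget pattern, run with kernel privileges, to memory protected by the SMM range registers. The following is an added example in C, not code from Eclypsium or from the original article, showing the shape of that bounds-check-bypass gadget (CVE-2017-5753) next to the two standard mitigations: a speculation barrier (LFENCE on x86, the approach Intel recommends for variant 1) and branchless index masking in the form used by the Linux kernel's array_index_mask_nospec(). The public table, the probe buffer and the function names are constructed for the example; the cache-timing measurement an attacker would use to read the leaked byte is not included, so what is shown is the gadget and the architectural guarantee each mitigation gives.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data for the example. An index past the end of
 * public_table reads whatever happens to follow it in memory; on a real
 * target that could be a secret such as SMM code or data. */
#define PUBLIC_LEN 16
static uint8_t public_table[PUBLIC_LEN] = { 0, 1, 2, 3, 4, 5, 6, 7,
                                            8, 9, 10, 11, 12, 13, 14, 15 };

/* Cache-probe buffer: one page per possible byte value. A speculative load
 * from probe[v * 4096] leaves a cache footprint that reveals v. Declared
 * volatile so the compiler keeps the load even though the value is unused. */
static volatile uint8_t probe[256 * 4096];

/* Speculation barrier. On x86 an LFENCE makes the CPU wait for the bounds
 * check to resolve before executing later loads; elsewhere this degrades to
 * a compiler barrier only (assumption: the host is x86 for the real effect). */
static inline void speculation_barrier(void) {
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __asm__ __volatile__("" ::: "memory");
#endif
}

/* Branchless mask in the style of the Linux kernel's array_index_mask_nospec():
 * all ones when index < size, zero otherwise, without a branch the predictor
 * could be trained on. In bounds, both index and (size-1-index) lack the top
 * bit, so ~(index | ...) has it set and the arithmetic shift smears it to all
 * ones; out of bounds, the subtraction wraps, sets the top bit, and the result
 * is 0. Assumes size < 2^63 and an arithmetic right shift of a negative
 * int64_t, which GCC and Clang provide. */
static inline uint64_t array_index_mask_nospec(uint64_t index, uint64_t size) {
    return (uint64_t)(~(int64_t)(index | (size - 1 - index)) >> 63);
}

/* Index as the masked gadget would see it on a mispredicted path:
 * in-bounds indices pass through, out-of-bounds ones collapse to 0. */
size_t masked_index(size_t idx) {
    return idx & array_index_mask_nospec(idx, PUBLIC_LEN);
}

/* Deliberately vulnerable Spectre-v1 gadget. Architecturally the check holds,
 * but after the branch predictor has been trained with in-bounds indices the
 * CPU speculatively runs the two dependent loads for an out-of-bounds idx,
 * touching probe[secret_byte * 4096] before the misprediction is discarded. */
uint8_t gadget_vulnerable(size_t idx) {
    if (idx < PUBLIC_LEN) {
        uint8_t v = public_table[idx];
        (void)probe[(size_t)v * 4096];
        return v;
    }
    return 0;
}

/* Mitigation 1: a barrier so the loads cannot run ahead of the check. */
uint8_t gadget_fenced(size_t idx) {
    if (idx < PUBLIC_LEN) {
        speculation_barrier();
        uint8_t v = public_table[idx];
        (void)probe[(size_t)v * 4096];
        return v;
    }
    return 0;
}

/* Mitigation 2: clamp the index so even a mispredicted path can only load
 * public_table[0]; no barrier and no extra branch is needed. */
uint8_t gadget_masked(size_t idx) {
    if (idx < PUBLIC_LEN) {
        idx = masked_index(idx);
        uint8_t v = public_table[idx];
        (void)probe[(size_t)v * 4096];
        return v;
    }
    return 0;
}

int main(void) {
    printf("mask(5,16)=%#llx mask(16,16)=%#llx\n",
           (unsigned long long)array_index_mask_nospec(5, 16),
           (unsigned long long)array_index_mask_nospec(16, 16));
    printf("masked_index(7)=%zu masked_index(100)=%zu\n",
           masked_index(7), masked_index(100));
    printf("vulnerable(5)=%u fenced(5)=%u masked(5)=%u\n",
           gadget_vulnerable(5), gadget_fenced(5), gadget_masked(5));
    return 0;
}
```

All three gadgets return the same values architecturally, which is the point: the difference between them exists only on the speculative path, where the vulnerable version can touch a probe line chosen by a byte it was never allowed to read.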

13/07/2018: Chrome 67 comes with a memory-hogging Spectre fix

Google's Chrome 67 has gained the Site Isolation feature, which aims to protect against Spectre vulnerabilities and similar side-channel attacks. Site Isolation is a large change to Chrome's architecture that limits each renderer process to documents from a single site. This allows Chrome to rely on the operating system's process isolation to stop one site's renderer from reading another's memory.


Cross-site frames are rendered in separate processes (out-of-process iframes), so a Spectre attack running in one renderer process finds little data from other sites in its own address space to read.

"In Chrome 67, Site Isolation has been enabled for 99% of users on Windows, Mac, Linux, and Chrome OS. Given the large scope of this change, we are keeping a 1% holdback, for now, to monitor and improve performance," Google Chrome team member Charlie Reis explained.

"This means that even if a Spectre attack were to occur in a malicious web page, data from other websites would generally not be loaded into the same process, and so there would be much less data available to the attacker. This significantly reduces the threat posed by Spectre."

However, such protection comes at a cost. Site Isolation causes Chrome to create more renderer processes, and Google acknowledges "performance tradeoffs": about 10-13% total memory overhead in real workloads because of the larger number of processes. This is notable because Chrome is already known to use more memory than other, less resource-hungry browsers.
