Samsung Galaxy phones encryption flaw on 100 million devices

[notblox1]

Academics from Tel Aviv University found out that Samsung Galaxy smartphones had serious flaw that was later patched and it was affecting 100 million Android-based Samsung.
Keymaster TA flaw could allow unauthorized access to hardware-protected keys, authentication bypass that would lead to more advanced attacks.
This could result in extraction of secret cryptographic keys, and any bitcoin wallets you have installed could be compromised!
https://thehackernews.com/2022/02/100-million-samsung-galaxy-phones.html

It is not safe to keep keys for big amount of coins on Samsung smartphone devices.

[BitMaxz]

Actually, I'm using Samsung for daily transactions never been experienced any attacks yet and according to Sammobile it was already fixed after the security patch.
I got the source here https://www.sammobile.com/news/over-100-million-samsung-smartphones-shipped-fatal-security-flaw/

That is why it's always recommended to keep updating your phone if there is a new firmware update available for your phone and it seems that the Knox folder is not affected by this.

It is not safe to keep keys for big amount of coins on Samsung smartphone devices.

Except on running it offline as cold storage wallet.

[mk4]

Actually, I'm using Samsung for daily transactions never been experienced any attacks yet and according to Sammobile it was already fixed after the security patch.
I got the source here https://www.sammobile.com/news/over-100-million-samsung-smartphones-shipped-fatal-security-flaw/

That is why it's always recommended to keep updating your phone if there is a new firmware update available for your phone and it seems that the Knox folder is not affected by this.

Yea some people can potentially make it work by using a separate phone solely for crypto-related stuff and using an open-source custom ROM, but still definitely not recommended for the mass majority.

Except on running it offline as cold storage wallet.

Assuming you really know what you're doing(removing your phone's wifi hardware and such), then sure.

[Lucius]

That is why it's always recommended to keep updating your phone if there is a new firmware update available for your phone and it seems that the Knox folder is not affected by this. 

The newer the smartphone, the faster you will get the update, and vice versa if you have an older device that goes lower and lower on the priority list. In addition, if the update is not set to automatic, many people do not pay attention to such things at all. However, the biggest problem is those users whose devices stop receiving official support - I, for example, have not received any update for almost 5 months, and I have a device that is just over 2 years old and paid over 700 EUR.

[NeuroticFish]

It is not safe to keep keys for big amount of coins on Samsung smartphone devices.

It's not safe to keep keys for big amount of coins on any device that connects to the internet and especially a smartphone.
The vulnerability - it doesn't even matter whether it can or cannot be patched - doesn't bring anything new to this.

[notblox1]

Did you mistyped that? Source you mentioned the flaw could be patched

Yes I did make a mistake, thank you for correction, this issue was fixed last year in August and October of last year, but this could happen again and we would never know.
All this smartphone devices have some secret parts in their operating system and they can not be examined freely by anyone.
It is best if you keep phone always updated but this does not guarantee safety and security.

[passwordnow]

It is not safe to keep keys for big amount of coins on Samsung smartphone devices.

It's not safe to keep keys for big amount of coins on any device that connects to the internet and especially a smartphone.
The vulnerability - it doesn't even matter whether it can or cannot be patched - doesn't bring anything new to this.

I agree, it's for any device. And in the first place, phones shouldn't be use for keeping your private keys. It has a different use and even you use it daily for transactions, it's not advisable to have your keys placed there. One mistake and it's on the wrong hands, you're funds are at total risk whether it be online or offline since it can be robbed physically. But if someone insists in doing so and knows what he's doing, making a backup is always a must.

[cryptoaddictchie]

Actually, I'm using Samsung for daily transactions never been experienced any attacks yet and according to Sammobile it was already fixed after the security patch.
I got the source here https://www.sammobile.com/news/over-100-million-samsung-smartphones-shipped-fatal-security-flaw/

Wow is it good to use like traditional non custodial wallet? Ive heard of their own samsung wallet supported but never seems to see any feedback from users whove tried it. Can you dedicate a thread on your experience using it. Im using a samsung galaxy s21 and wanted to try it out but of course I am wary of its security too. I appreciate if you could tell us some insight from users like you. Thanks.

[hugeblack]

I think what is being talked about are two-factor authentication codes, biometric locks or passwords but that doesn't mean the wallet will be hacked or the private key will be leaked.

If access to that data was easy, we would have heard of dozens of wallet hacks and the loss of a lot of money.
In general, you should be careful and only generate private keys on devices that have not and will not be connected to the Internet.
You should also avoid random downloading of apps and avoid random clicking on links.

[Daodex]

Don't store wallet keys on your phone crypto wallet keys are safer offline and they are meant to be kept offline it's not a smart move because your phone can get hacked lost or stolen, this is why I like paper wallets for storing coins that I intend to keep for a long time.