
The Galaxy S7 is vulnerable to Meltdown exploit despite two patches

Remember the Meltdown and Spectre nightmare that rocked the tech world at the start of the year? Despite companies around the world rushing out patches to mitigate the vulnerability, researchers have revealed that the fixes aren’t as effective as they first appeared.

The team from Austria’s Graz Technical University claims to have managed to use the Meltdown vulnerability to attack the Samsung Galaxy S7 handset. That’s especially concerning as Samsung has twice patched the device to protect against the exploit, with over-the-air (OTA) updates released in January and July.


The team will present their findings this week at the Black Hat security conference in Las Vegas, but crucially the S7 is just a test case, and the researchers are very clear that it’s likely the tip of the iceberg.

“There are potentially even more phones affected that we don’t know about yet,” researcher Michael Schwarz told Reuters. “There are potentially hundreds of millions of phones out there that are affected by Meltdown and may not be patched because the vendors themselves do not know.”

Although Samsung hasn’t revealed how many S7 devices have been sold, Strategy Analytics estimates that there are at least 30 million in use worldwide.

The Meltdown and Spectre vulnerabilities work by exploiting a function of CPUs known as “speculative execution”, which is how processors guess which data to work with when processing tasks.

Certain data – like passwords – can be leaked during this process via the exploits. The video below, from Red Hat Linux, explains the problem in simple terms, by imagining your CPU were a restaurant serving up delicious data:

As of yet, there are no confirmed cases of hackers exploiting the Meltdown or Spectre issues in the real world, but the fact that potentially millions of devices are still vulnerable after a flurry of patches means that it could just be a matter of time.

