Samsung’s in-house microchips may be susceptible to Meltdown vulnerabilities after all, according to researchers from Graz Technical University in Austria who recently provided details on their discovery to Reuters. The group is expected to reveal more about its findings during the Black Hat 2018 conference in Las Vegas tomorrow, but has already explicitly said it was able to successfully execute at least one exploit in Samsung’s Galaxy S7 devices. Prior to this, the Korean tech giant’s hardware components were among the very few considered to be relatively untouchable by this particular vulnerability.
Although the researchers did not disclose whether or not Samsung had been notified, or when it managed to initiate the exploit, the smartphone manufacturer patched those devices most recently in January and again in July. Historically, affected companies are told about vulnerabilities and fix them well in advance of any announcement, so that is likely to be the case here as well. In the meantime, a Samsung spokesperson has reportedly said the company had not witnessed any real-world breaches of its handsets’ security as a result of the flaws associated with Meltdown. With that said, and in spite of the device’s age, it is expected that a significant number of Samsung Galaxy S7 phones are still in circulation, and therefore the news of this discovery is still likely to be of concern to current Galaxy S7 owners.
What’s more, the news isn’t at all likely to be the end of the ongoing issues being caused by Meltdown, according to the research team, as they plan to continue looking at other popular smartphones in order to determine whether millions of other users are still unknowingly affected by this, simply due to manufacturers remaining unaware of the problem. In regard to the vulnerabilities, Meltdown — and its PC counterpart Spectre — are effectively bugs that allow easy access to the heavily-secured side of a computer or smartphone’s hardware. Because those partitions are meant to be protected, access makes it relatively easy for a malicious entity to garner sensitive personal data such as passwords and/or credit card information from applications running on the hardware.