Samsung always has a grand vulnerability each year. Like clockwork!
In 2015, a vulnerability in Samsung's SwiftKey keyboard was discovered that allowed attackers to remotely execute code on the device.
In 2016, researchers discovered a flaw in Samsung's Knox security software that could allow an attacker to escalate privileges and gain root access to the device.
In 2017, a vulnerability was discovered that allowed attackers to take control of Samsung's SmartCam cameras.
In 2018, researchers found a flaw in Samsung's Secure Boot feature that allowed attackers to install malicious firmware on the device.
In 2019, researchers discovered a vulnerability in Samsung's Galaxy S10 fingerprint scanner that allowed anyone to unlock the phone with a 3D printed fingerprint.
Why is this? I'd be interested to read the reasons why.
At the top of my head it's WFM opening up attack surfaces but it could be that hackers with more free time hacked more. Sociological reasons are more interesting for me.
Multiple industries laid off large parts of their workforce. US unemployment tripled, and more tourist-heavy countries fared even worse. One of the biggest drivers of crime is "it was the best option available at the time", and most cybercrime isn't highly skilled and fairly accessible.
To make matters worse, "regular" crime struggled at the same time. It's harder to break into people's homes if they are at home all day, and you can't mug them in a dark alley either, neither can you pickpocket tourists.
My guess is with lockdowns you had a lot of people bored at home stuck with nothing but digital screens for entertainment. People with remote jobs or no jobs could be scanning sites for exploits in the background whilst doing other things since they have literally nothing better to do to keep them occupied, not like they can go outside very often.
This is a guess though, but now think of the millions upon millions of people bored at home who might think "I wonder if..."
In some forums I lurk in there was some hubbub about massive holes in security that were opened up via people who are used to working in an environment with IT support (somewhat secure, depending), etc, to people trying to figure everything out at home on their own and using new tools (both software and hardware) to do it. Don't know how accurate it is but it makes some logical sense to me.
> Although Samsung told NowSecure in March that it had sent wireless carriers a fix which could be transmitted to the phones, and not to go public on it for three months, Samsung did nothing about it.
As if written today, even though it’s 8 years ago lol!
I've stopped buying anything Samsung because their quality control has become non-existent.
My S22 ultra has a major bug that causes the screen to no longer update until I screenshot my way to the restart button. (Their response is trade in for an S23, but at my expense).
I've never had a TV fail before, much less within two years. When I first put it together, it seemed like it was designed to fail. When they do, repair means either be charged $300 for a $10 fiber optic cable or $400 for a new output box.
Any appliance repair person worth their salt would tell you to never buy Samsung appliances. They're the most prone to failure, most expensive to repair. They try to appeal to consumers by appearing like a luxury brand, while having bottom of the barrel engineering inside.
I am avoiding anything Samsung until their track record turns around completely.
Possibly, but Samsung is the 2nd most popular phone manufacturer on the planet. It stands to reason that with the level of visibility they'd have a lot of eyes on them to find these things. That list provided at the top is also a bunch of different devices and entirely different types of electronics, which again is an argument that the bigger the market the more likely that something will be found.
> Samsung has much greater than average occurrences of critical root level vulnerabilities.
I get it you dislike Samsung but citation needed for such claims other than "trust me bro".
Also, since Samsung is possibly the world's biggest, or at least one of the biggest makers and sellers of electronics, serving a wide variety of markets and price points, it's inevitable that their name pops up more often than other brands.
The target on your back from hackers and security researchers is proportional to your size as a company. Everyone would like to gloat they hacked a Samsung device. Nobody cares you hacked a TCL device.
So a better metric would be severe vulnerabilities per number of devices sold.
IMO the metric should also consider how long it took them to patch it. Everyone has zero days, that's life. But there is no excuse for not patching a critical vulnerability.
As an industry, if we can consider software broadly as one industry, it is disappointing that we simply do not have a quality and correctness and safety culture. It has been true for decades and still appears to be true that the more hidden a program is from the user, the more slapdash its implementation will be. Device firmware is universally garbage. It's just like that TPM 2.0 reference implementation thing that was on HN earlier this week. It's just written by clowns in clown language and when they find the flaws instead of fixing the process that led to the flaws they just put in one more line of ClownLang to hack around it. Something from outside the industry needs to come in with some reform mandates.
This kind of feels like I stopped building my own computers and moved to the Apple ecosystem with prebuilt systems. It was always easy for everyone to point their fingers somewhere else when something didn’t work. It’s a problem with the hardware, no the OS, no the software, no those two peripherals conflict…
There are still issues that crop up from time to time now that I’m on a Mac, but there’s also one place to turn to when there’s a problem and they generally do a pretty good job of resolving things (although the last big issue I had—which ultimately ended with my laptop going through a Ship of Theseus complete replacement took a while but that was also in November–December of 2020 when everything was pretty messed up & the service person was able to give me my choice of anything from the Apple store under $200 as compensation).
This is how I feel at work too. Someone's system is misbehaving, and I report a bug. They say it's some dependency's issue and direct me to ask someone there. No, that's your responsibility, not mine. I don't know the intricacies of your s2s interaction.
How many carriers require VoLTE for voice now? I keep getting nastygrams from my carrier telling me to upgrade my old non-VoLTE-capable phone or I'll lose voice 'any day now', with a drop-dead date that's moved several times.
My understanding is that CSFB works by signalling the LTE/4G handset to handover to the 3G or 2G network and continue the call setup on there. If carriers have shut down their 2G and 3G networks then there is nothing providing Circuit Switched services to fall back to.
Yes it’s def how it worked on the “backend” but I don’t remember what it did on the channel layer tbh. Maybe there’s a compatibility mode in eNodeB. Also all three major providers have def shut down their 2G/3G equipment as of last year.
Exynos chipsets contain the Samsung-designed modems with problems. Qualcomm's Snapdragon chipsets use integrated Qualcomm-designed modems (usually) that should be safe (from this vulnerability).
If you still have the box or possibly a receipt, Exynos S22Us have the model number SM-S908B or SM-S908B/DS. Every other model is Snapdragon.
If you just have the phone itself, try the Geekbench or CPU-Z apps. They're benchmarking apps for the most part, but they also contain pretty detailed hardware reports.
Why are people still buying these phones?
- They fake your pictures - i.e. replacing the real moon with a fake one;
- Full of vulnerabilities in the wild.. all the time;
- Shady connections with Asia
Is there a top-tier phone model on the market that doesn't enhance photos in some way using AI? Not too long ago, there was an HN discussion on AI artifacts on iPhone photos that are readily apparent when viewed from a large/hi-res display, despite looking "better" than non-enhanced pictures on the phone display.
The problem here is that Samsung are marketing it as "look how amazing our 100x zoom is!" when in fact it's not 100x zoom, it's 30x digital zoom and the results are misleading. The iPhone issue was pointing out how comparatively bad the iPhone processing is...
My partner took a photo of food not long ago, with her iPhone 14. After doing photography for years I told her a photo shouldn't look like that. Why? Because she took it with back lighting and the food looked just perfectly exposed with texture and everything, just like food photos from magazines.
I mean that's exactly the point of phone cameras, each year phone companies are pushing the edge to get the best on board image processing to do more and more with the limited camera hardware options, it would be naive to expect commercial level control (composing) on the camera and expect it to sell to masses.
Yup, South Korea has a cover up problem. They'd rather cover shit up than admit and take responsibility, all while responsibility is taken very seriously. That's also why bugs don't get fixed.