Millions of Samsung Galaxy S7 smartphones are vulnerable to hackers.
1811: Archduke John of Austria founded Graz University of Technology.
March 2016: Galaxy releases the Samsung S7.
August 2018: Researchers from Graz University of Technology claim to have found a way to exploit Meltdown, a security vulnerability uncovered earlier this year, in the Galaxy S7.
According to Reuters, the researchers are revealing the details of their findings at the Black Hat security conference in Las Vegas.
One of the researchers, Michael Schwarz, told Reuters: “There are potentially even more phones affected that we don’t know about yet. There are potentially hundreds of millions of phones out there that are affected by Meltdown and may not be patched because the vendors themselves do not know.”
The Meltdown security vulnerability allows rogue processors to read all affected memory, with, or without, permission.
When the vulnerability was first uncovered it was thought to affect Intel x86 microprocessors, IBM POWER processors, and some ARM-based microprocessors, however, Samsung Galaxy phones were initially considered immune.
A statement from Samsung said: “Samsung takes security very seriously and our products and services are designed with security as a priority.”
A fix, or at least a way to significantly reduce vulnerability to the flaw, is to ensure that your phone’s operating system is up to date. The latest revelations highlight the importance of downloading the latest software updates as they come in.
For organisations, trying to comply with GDPR, the lesson is clear. Over and over again we hear that vulnerability to breaches often resides with staff not following procedures. Having a procedure in place that all staff maintain their devices with the latest updates is not enough. Organisations need to ensure the procedures are followed through.
The inaugural Data Protection World Forum (DPWF) will be held on November 20th & 21st 2018 at the ExCeL London which will provide a broader focus across the data protection and privacy space amidst the progressive tightening of global data protection laws.
Ahead of the end of year event, DPWF has launched a series of intensive workshops.
Further information on the DPWF and workshop details are available at: https://www.dataprotectionworldforum.com/