
Security Post

About speculative execution vulnerabilities in ARM-based CPUs

On 11 Jan 2018 by Samsung Mobile Security

Overview

Security researchers have discovered several attack methods, named Meltdown and Spectre, which allow a process with normal user privileges to perform unauthorized reads of memory data in a privileged process by abusing speculative execution, a technique that has been widely adopted in modern high-end CPUs.

Google has released a separate patch that effectively mitigates the issues identified by Meltdown and Spectre by restricting access to high-performance timers, making such attack methods difficult to use. Samsung has already received this separate patch from Google as part of the Android Security Bulletin and has started rolling out patches as part of the January 2018 Security Update. To reduce confusion, Samsung has added the Samsung Security Index, which can be found in Settings > about device > Security software version. SMR Jan-2018 Release MS (MS stands for Meltdown and Spectre) includes all patches from Samsung and Google from the January 2018 Security Update as well as the patch mentioned above.

There are no known instances of these attack methods being exploited in the wild at this time. These attack methods rely on installed malware to successfully exploit the vulnerabilities, and we recommend that our users download software only from trusted app stores such as Galaxy Apps and Google Play Store.
We will continue to work closely with our partners to provide further mitigations for these vulnerabilities and will release them in upcoming Security Updates as they are made available.

Background

Most modern high-end CPUs implement speculative execution to improve performance, executing multiple instructions at once on the assumption that the CPU's predictions are likely to be true. CPUs normally continue execution when the predictions are valid, but side effects may occur during rollback of these speculative executions when the CPU's predictions are invalid. The attack methods introduced in Meltdown and Spectre take advantage of these side effects to gain unauthorized access, from a user-privileged process, to memory data in a highly privileged process.

Spectre

The two attack methods referred to as Spectre are CVE-2017-5753 “bounds check bypass” and CVE-2017-5715 “branch target injection”. These attack methods abuse side effects by tricking the CPU into starting speculative predictions and accessing privileged data during the validity checks of those predictions.
Analyses from our partners show that these attack methods are extremely difficult to exploit, and the separate patch from Google (CVE-2017-13218) effectively mitigates these vulnerabilities by making them difficult to exploit.

Meltdown

The attack method referred to as Meltdown is CVE-2017-5754 “rogue data cache load”; it enables a rogue process to read kernel memory by executing a crafted series of instructions.
Analyses from our partners show that only a select number of Samsung devices are affected by this vulnerability, and the separate patch from Google (CVE-2017-13218) also effectively mitigates this vulnerability by making it harder to exploit.

Official launch of Samsung Mobile Security Rewards Program

On 07 Sep 2017 by Samsung Mobile Security

Samsung is officially launching our Mobile Security Rewards Program, a new vulnerability rewards program which invites members of the security community to assess the integrity of Samsung’s mobile devices and associated software to identify potential vulnerabilities in those products.

Samsung’s Mobile Security Rewards program is the latest initiative to demonstrate our steadfast commitment to working in close partnership with the security research community and enabling secure experiences for all our customers.

For more information, please visit here.

Statement on the allegation concerning Samsung Pay security

On 07 Aug 2016 by Samsung Mobile Security

Keeping payment information safe is a top priority for Samsung Pay, which is why Samsung Pay is built with highly advanced security features. It is important to note that Samsung Pay does not use the algorithm claimed in the Black Hat presentation to encrypt payment credentials or generate cryptograms.

Samsung Pay is considered safer than payment cards because it transmits one-time-use data at the vast majority of merchants that do not yet have EMV (smart payment) terminals. With Samsung Pay, users do not have to swipe a static magnetic stripe card.


Frequently asked questions on this statement may be found here.

For additional information on Samsung Pay Security, please visit here.