TAU Researchers Identified a Serious Security Flaw in Samsung’s Galaxy Series

Tel Aviv University researchers have discovered a serious security flaw in Samsung’s flagship Galaxy series. The researchers contacted Samsung in May 2021, and in October the company released a software update that fixed the loophole. According to the researchers, users who have not updated their Android software since October are urged to do so as soon as possible, as hackers could take advantage of the loophole found to hack into the Galaxy smartphones in the series and steal sensitive information.

The study was conducted by Prof. Avishai Wool of TAU’s School of Electrical Engineering, Dr. Eyal Ronen of the Blavatnik School of Computer Science, and graduate student Alon Shakevsky.

Securing the Last Layer of Protection

“In protecting smartphones using the Android system, there is a special component called TrustZone,” explains Prof. Wool. “This component is a combination of hardware and software, and its job is to protect our most sensitive information – the encryption and identification keys. We found an error in the implementation of Samsung’s TrustZone code, which allowed hackers to extract encryption keys and access secure information.”

“It should be understood that phone companies like Samsung go to enormous lengths to secure their phones, and yet we still hear about attacks, for example in the case of the NSO spyware,” Dr. Ronen adds. “TrustZone is designed to be the last layer of protection, the internal safe. So, even if NSO managed to hack into my phone, it still wouldn’t be able to access the encryption keys. For example, if I approve a bank transfer using a fingerprint, the fingerprint enters the phone’s TrustZone, and hackers will have no way to use the fingerprint to carry out transactions in my bank account. In our article, we showed that failures in Samsung’s code also allowed access to these sensitive cryptographic keys.”

 

The Research Team (from left to right): Alon Shakevsky, Prof. Avishai Wool and Dr. Eyal Ronen

“A Secret Code Never Guarantees Longevity” 

In May 2021, the Tel Aviv University researchers contacted Samsung and presented their findings. In October 2021, Samsung released an update to the Android operating software that fixed the major loophole in about 100 million Galaxy phones. The company and the researchers coordinated the date of the publication of the findings and the date of the update in order to prevent hackers from taking advantage of the loophole.

“Master’s student Alon Shakevsky worked for months on extracting the code from the device so that we could investigate it,” says Wool, “and two weeks ago hackers broke into the company’s databases and leaked Samsung’s code. The information that was previously confidential is today available to everyone, including researchers like us. Therefore, the lesson for phone companies should be to publish the code in advance, let the experts and researchers check the architecture, and not to rely too much on the code’s secrecy. A secret code never guarantees longevity, because it will eventually leak. In the end, we helped Samsung.”

“In order to protect ourselves,” Dr. Ronen concludes, “we encourage all owners of Samsung Galaxy devices to update their software.”

And Let There Be Light

Efforts by TAU’s Clinical Law Program will help keep electricity running for those who are struggling to pay utility bills.

The recent drop in temperature in Israel has led to a significant increase in electricity consumption. But what about those who simply cannot afford basic necessities?

A petition jointly filed by Tel Aviv University’s Human Rights Clinic at The Buchmann Faculty of Law will help keep the electricity on for some of Israel’s most underprivileged populations. In response to the appeal, Israel’s High Court ruled that electricity must not be cut off for citizens who prove a difficult economic or medical condition, effective immediately. We spoke with attorney Adi Nir Binyamini from TAU’s Human Rights Clinic, one of the lawyers who handled the case. 

Electricity – A Fundamental Right?

In a precedent-setting decision, the High Court ruled on January 20 that access to electricity should be considered a fundamental right and that the Electricity Authority must, within six months, amend the criteria for power outages as a means of collecting debt. Meanwhile, the new ruling assists electricity consumers who find themselves in serious economic or medical distress, and ensures that they will not be left in the dark or the cold and without other basic needs.

The ruling came in response to a petition filed by the Association for Civil Rights in Israel (ACRI) in collaboration with the Human Rights Clinic at Tel Aviv University, Physicians for Human Rights and the Israel Union of Social Workers against the Electricity Authority, the Israel Electric Corp. and the Energy Minister. It was filed on behalf of several poor families whose electricity had been cut off for non-payment.

The High Court of Justice ruled that, until the Electricity Authority establishes appropriate criteria and procedures (within six months from the time of the ruling), it must enable consumers facing power cuts from lack of payment to demonstrate whether they are suffering financial or health problems that justify their continued access to electric power. The court said the Electricity Authority must conduct a hearing prior to cutting a customer’s power. It gave the national electricity provider six months to revise its procedures and ordered it to pay the petitioners 40,000 NIS ($12,800) in expenses, to be divided among them. “This is a dramatic change from the previous situation, when it was possible to cut off people’s electricity access due to the accumulation of debt, except for very few exceptions,” explains Att. Nir Binyamini.

 

From the second hearing at the High Court, on October 28, 2021 (from left to right): Gil Gan Mor (ACRI), Hicham Chabaita and Att. Adi Nir Binyamini from TAU’s Human Rights Clinic and Att. Mascit Bendel (ACRI)

The Beginning of a New Era

Binyamini, who has dealt with electricity litigation for several years now, says, “I feel personal and professional satisfaction that on the coldest day of the year, when people were left without heating, the High Court accepted our position and ruled not to cut off people’s electricity due to poverty and that debt must instead be collected by more moderate means.”


When asked how the Clinic got involved with the project, Binyamini explains that TAU’s Human Rights Clinic was previously part of a legal battle over water disconnections for consumers unable to pay their water bill. “After that was successfully completed, we took on the subject of electricity and have been working on it continuously for the past eight years. The Clinic represented and handled the two petitions that were submitted to the Israeli High Court, and over the years we have dealt with hundreds of individual cases of people being cut off from electricity. We have also been guiding and assisting social workers with individual cases.”

She adds that a large number of students from the Clinic have worked on the case over the years, and stresses that such practical experience is an extremely valuable component of legal education.

Upon the court’s ruling, Binyamini along with Att. Maskit Bendel of the ACRI issued a statement, saying: “We hope that the ruling, which opened with the words ‘and let there be light,’ heralds the beginning of a new era when it comes to protecting weak populations from having their electricity cut off.”

 

Attorney-at-law Adi Nir Binyamini from Tel Aviv University’s Human Rights Clinic (photo: Tomer Jacobson) 
