Wave Systems Corp. (fka WAVXQ)

[Genz2]

Samsung cops to data breach after unsolicited '1/1' Find my Mobile push notification

https://www.theregister.co.uk/2020/02/24/samsung_data_breach_find_my_mobile/

Tight-lipped chaebol still won't talk about the dodgy app, though

Samsung has admitted that what it calls a "small number" of users could indeed read other people's personal data following last week's unexplained Find my Mobile notification.

Several Register readers wrote in to tell us that, after last Thursday's mystery push notification, they found strangers' personal data displayed to them.

Many readers, assuming Samsung had been hacked, logged into its website to change their passwords. Now the company has admitted that a data breach did occur.

A spokeswoman told The Register: "A technical error resulted in a small number of users being able to access the details of another user. As soon as we became of aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed."

She added: "We will be contacting those affected by the issue with further details."

From the not-insignificant number of emails El Reg received about the website snafu, it remains to be seen whether Samsung's definition of "small number" is the same as that of the rest of the world.

Of potentially greater concern is the mystery 1/1 push notification from Find my Mobile, a baked-in app on stock Samsung Android distributions. Although the firm brushed off the worldwide notification as something to do with unspecified internal testing, many of those who wrote to El Reg said they had disabled the app. Stock apps cannot be uninstalled unless one effectively wipes the phone and installs a new operating system – unlocking the bootloader and reformatting with a new third-party, customised ROM.

Samsung did not answer our questions as to how a "disabled" app was able to receive and display push notifications. Nor did it say what other functions this "disabled" app was capable of executing. ®
==================================================================
Wave Systems Signs 15-year License Agreement with Samsung

https://www.wavesys.com/buzz/news/wave-systems-signs-15-year-license-agreement-samsung

Author:

Mike Lennon

Security Week -

Wednesday, May 30, 2012 -

Wave Systems has signed a 15-year software license and distribution agreement with Samsung, enabling Samsung to bundle Wave’s EMBASSY Security Center (ESC) and TCG Software Stack (TSS) technology with devices that include a Trusted Platform Module (TPM), an industry standard security chip embedded in the motherboard of a computer or other electronic device.

In an SEC filing, Wave said it would receive a per-unit royalty based on Samsung’s sales of products that include its technology, but did not provide estimates in terms of expected revenue derived as a result.

Security Week has full article.
==================================================================
Samsung could prevent breaches from occurring by using the technology from its partner Wave Systems!!!! The TPM/TEE could be used as a secure container for sensitive information, and the TPM could be managed by Wave's software!! Just a reminder for those at Wave and Samsung that may be able to use information for a problem that showed itself.