Security Researcher: Samsung Galaxy S8 May Ship Without Patch For Wi-Fi Bug

[DO NOT PUBLISH - JHF]

When Samsung releases its Galaxy S8 smartphone family on April 21, the innovative devices may ship without the latest security updates, leaving them susceptible to a vulnerability disclosed last week.

With Samsung's ship date two weeks away, it's unlikely the company has enough time to update the forthcoming Galaxy S8 and S8+ devices with the Android patch issued by Google on April 5 that fixes the newly disclosed vulnerability, said a researcher at Lookout, a mobile security firm that serves network operators including AT&T, T-Mobile and Sprint.

[Related: 10 Things To Know About The Samsung Galaxy S8]

The vulnerability is related to Broadcom Wi-Fi chips, and was revealed publicly this week by a Google researcher.

"More than likely the software on the device will not have these fixes and [an update], delivered over the air, will be made in the days or weeks following the release of the device to the public," said Andrew Blaich, security researcher at San Francisco-based Lookout, in an email to CRN.

Samsung representatives did not return messages seeking comment.

The process of getting patches to user devices can take some time, Blaich said.

After Google fixes a bug, it becomes the responsibility of phone manufacturers to get the latest Android code, modify the code for their hardware and software needs, and then send the new version out to their customers, Blaich said.

Typically, though, Android manufacturers don't actually send the update directly to end users.

"Rather, the update then goes to the cell phone carriers whom test, validate, and may make other changes before finally shipping the updated software out to the end-user," Blaich said.

The impacted Broadcom Wi-Fi chips are used in the Galaxy S8 and S8+ as well as many other smartphones, including previous Samsung Galaxy devices and Apple's iPhones.

This week, a researcher for the Google Project Zero cybersecurity group disclosed the security vulnerability in Broadcom Wi-Fi chips that hackers could potentially exploit in order to seize control of smartphones and tablets.

Like Google, Apple also responded this week by issuing operating system patches for the bug.

South Korea-based Samsung is launching two versions of its new smartphone--the 5.8-inch Galaxy S8 and 6.2-inch Galaxy S8+.

The devices will include a number of new features such as a nearly bezel-free display, iris scanning and facial recognition for enhanced security and the Bixby virtual assistant.