Samsung revealed a surprising new security touch for the Galaxy S20
© 2020 Bloomberg Finance LP
In my cybersecurity world, surprises happen too often for my liking. Especially since they usually have the word “nasty” prefixed. This has been particularly true with regard to the smartphone sector, where everything from the discovery of cyber blinking perverts prefer iPhones to report on yet another vulnerability of WhatsApp adapt to the law. This is not always the case, however, and I am always happy to be able to write about positive security surprises. This is the case of the latest revelation from Samsung on the secure internal components of the Galaxy S20 smartphone.
Measuring security surprises in the smartphone sector
On the security surprise scale, I would put Samsung’s announcement somewhere in between the “say what?” of Microsoft announces it wants to secure iPhones, and the breathtaking one by scientists claiming to have developed a prototype of an “absolutely unbreakable” encryption chip. The latest revelation from Samsung is still surprisingly good news on the security front of Android smartphones, and it also involves a secure chip: the S3K250AF to be precise. Perhaps the biggest surprise, even taking into account Knox’s success in Samsung smartphones, is that it took Samsung so long to implement such a dedicated security chip. Google has the Titan M in its Pixel devices, and Apple has the T2-powered secure enclave in iPhones. We will have to wait and see how it will fare with these secure solutions established over time, but let’s explore what is known.
Samsung’s all new dedicated “Secure Element” security chip
The all-new “Secure Element” security solution based on S3K250AF, which will first be integrated into the Galaxy S20, brings for the first time the concept of autonomous and isolated sensitive data storage to Samsung smartphones. Combining a microcontroller with advanced hardware protection, as well as an optimized secure operating system, the new SE system has reached a Common Criteria Assessment Assurance Level (CC EAL) of 5+, which is the higher for a mobile component. Clearly, this means that owners of the Samsung Galaxy S20 series will receive a dedicated security chip in addition to the existing security layers already provided, such as the Knox mobile security platform. Dongho Shin, senior vice president of large-scale systems integration marketing (LSI) at Samsung Electronics, said: “Our new turnkey SE solution for mobile devices will not only secure user data while on the move, but also new mobile applications that will expand and enrich our daily lives.” What these new applications are, remains to be seen. Nbsp; What we do know is that this new secure element chip will provide what Samsung calls a “dedicated tamper-proof vault” for confidential and cryptographic data. So PIN codes and passwords, cryptocurrency credentials, and credit card payment tokens will be stored separately from standard mobile memory, and that’s a good thing, secure. It’s not the only thing that affects the security of a smartphone.
Android security requires more than just a chip, and therein lies my unsurprising concern
While this is all very good news from a security perspective, I am sorry to say that this does not solve the biggest security problem facing owners of Android smartphones: the highly fractured ecosystem. Raise your hand, I admit, my name is Davey Winder and, when it comes to Android phones, I’m a Samsungoholic. I love Samsung smartphones for many reasons, but security updates aren’t one of them. Yes, I admit I was pleasantly surprised when I recently reported how some owners of Samsung smartphones had received the January Android security update before Google Pixel device owners. However, there was no jubilation, as I said at the time, with my all-new Galaxy Note 10+ 5G two months behind the current security update level.
The February security update addressed a total of 25 vulnerabilities, from moderate to critical; my device received this update in the last week of February, leaving the threat window open for too long for my liking. The problem is, when it comes to Android security updates, it’s too much of a lottery: what device do you have, what network provider are you with, where do you live? All of these things combine to roll the dice as to when you will get the updates that are essential to the security of your device and your data.
“>
In my cybersecurity world, surprises happen too often for my liking. Especially since they usually have the word “nasty” prefixed. This has been especially true when it comes to the smartphone industry, where everything from the discovery that cyber-flash perverts prefer iPhones to reporting on another vulnerability in WhatsApp, is fine. This is not always the case, however, and I am always happy to be able to write about positive security surprises. This is the case of the latest revelation from Samsung on the secure internal components of the Galaxy S20 smartphone.
Measuring security surprises in the smartphone sector
On the security surprise scale, I would put Samsung’s announcement somewhere in between the “say what?” Microsoft announcing it wants to secure iPhones, and the breathtaking one by scientists claiming to have developed a prototype “absolutely unbreakable” encryption chip. The latest revelation from Samsung is still surprisingly good news on the security front of Android smartphones, and it also involves a secure chip: the S3K250AF to be precise. Perhaps the biggest surprise, even taking into account Knox’s success in Samsung smartphones, is that it took Samsung so long to implement such a dedicated security chip. Google has the Titan M in its Pixel devices, and Apple has the T2-powered secure enclave in iPhones. We will have to wait and see how it will fare with these secure solutions established over time, but let’s explore what is known.
Samsung’s all new dedicated “Secure Element” security chip
The all-new “Secure Element” security solution based on S3K250AF, which will first be integrated into the Galaxy S20, brings for the first time the concept of autonomous and isolated sensitive data storage to Samsung smartphones. Combining a microcontroller with advanced hardware protection, as well as an optimized secure operating system, the new SE system has reached a Common Criteria Assessment Assurance Level (CC EAL) of 5+, which is the higher for a mobile component. Clearly, this means that owners of the Samsung Galaxy S20 series will receive a dedicated security chip in addition to the existing security layers already provided, such as the Knox mobile security platform. Dongho Shin, senior vice president of large-scale system integration (LSI) marketing at Samsung Electronics, said: “Our new turnkey SE solution for mobile devices will not only secure user data when their movements, but also to activate new mobile applications that will expand and enrich our daily lives. “What are these new applications, remains to be seen. What we do know is that this new secure element chip will provide what Samsung calls a “dedicated tamper-proof vault” for confidential and cryptographic data. So the pins and passwords, the cryptocurrency credentials and the credit card payment tokens will be stored separately from the standard mobile memory, and that’s a good thing, secure. It’s not the only thing that affects the security of a smartphone.
Android security requires more than just a chip, and that’s where my unsurprising concern lies
While this is all very good news from a security perspective, I am sorry to say that this does not solve the biggest security problem facing owners of Android smartphones: the highly fractured ecosystem. Raise your hand, I admit, my name is Davey Winder and, when it comes to Android phones, I’m a Samsungoholic. I love Samsung smartphones for many reasons, but security updates aren’t one of them. Yes, I admit I was pleasantly surprised when I recently reported that some Samsung smartphone owners had received the January Android security update before the owners of Google Pixel devices. However, there was no jubilation, as I said at the time, with my all-new Galaxy Note 10+ 5G two months behind the current security update level.
The February security update addressed a total of 25 vulnerabilities, from moderate to critical; my device received this update in the last week of February, leaving the threat window open for too long for my liking. The problem is, when it comes to Android security updates, it’s too much of a lottery: what device do you have, what network provider are you with, where do you live? All of these things combine to throw the dice as to when you will get the essential updates for the security of your device and your data.
Samsung revealed a surprising new security touch for the Galaxy S20
© 2020 Bloomberg Finance LP
In my cybersecurity world, surprises happen too often for my liking. Especially since they usually have the word “nasty” prefixed. This has been particularly true with regard to the smartphone sector, where everything from the discovery of cyber blinking perverts prefer iPhones to report on yet another vulnerability of WhatsApp adapt to the law. This is not always the case, however, and I am always happy to be able to write about positive security surprises. This is the case of the latest revelation from Samsung on the secure internal components of the Galaxy S20 smartphone.
Measuring security surprises in the smartphone sector
On the security surprise scale, I would put Samsung’s announcement somewhere in between the “say what?” of Microsoft announces it wants to secure iPhones, and the breathtaking one by scientists claiming to have developed a prototype of an “absolutely unbreakable” encryption chip. The latest revelation from Samsung is still surprisingly good news on the security front of Android smartphones, and it also involves a secure chip: the S3K250AF to be precise. Perhaps the biggest surprise, even taking into account Knox’s success in Samsung smartphones, is that it took Samsung so long to implement such a dedicated security chip. Google has the Titan M in its Pixel devices, and Apple has the T2-powered secure enclave in iPhones. We will have to wait and see how it will fare with these secure solutions established over time, but let’s explore what is known.
Samsung’s all new dedicated “Secure Element” security chip
The all-new “Secure Element” security solution based on S3K250AF, which will first be integrated into the Galaxy S20, brings for the first time the concept of autonomous and isolated sensitive data storage to Samsung smartphones. Combining a microcontroller with advanced hardware protection, as well as an optimized secure operating system, the new SE system has reached a Common Criteria Assessment Assurance Level (CC EAL) of 5+, which is the higher for a mobile component. Clearly, this means that owners of the Samsung Galaxy S20 series will receive a dedicated security chip in addition to the existing security layers already provided, such as the Knox mobile security platform. Dongho Shin, senior vice president of large-scale systems integration marketing (LSI) at Samsung Electronics, said: “Our new turnkey SE solution for mobile devices will not only secure user data while on the move, but also new mobile applications that will expand and enrich our daily lives.” What these new applications are, remains to be seen. Nbsp; What we do know is that this new secure element chip will provide what Samsung calls a “dedicated tamper-proof vault” for confidential and cryptographic data. So PIN codes and passwords, cryptocurrency credentials, and credit card payment tokens will be stored separately from standard mobile memory, and that’s a good thing, secure. It’s not the only thing that affects the security of a smartphone.
Android security requires more than just a chip, and therein lies my unsurprising concern
While this is all very good news from a security perspective, I am sorry to say that this does not solve the biggest security problem facing owners of Android smartphones: the highly fractured ecosystem. Raise your hand, I admit, my name is Davey Winder and, when it comes to Android phones, I’m a Samsungoholic. I love Samsung smartphones for many reasons, but security updates aren’t one of them. Yes, I admit I was pleasantly surprised when I recently reported how some owners of Samsung smartphones had received the January Android security update before Google Pixel device owners. However, there was no jubilation, as I said at the time, with my all-new Galaxy Note 10+ 5G two months behind the current security update level.
The February security update addressed a total of 25 vulnerabilities, from moderate to critical; my device received this update in the last week of February, leaving the threat window open for too long for my liking. The problem is, when it comes to Android security updates, it’s too much of a lottery: what device do you have, what network provider are you with, where do you live? All of these things combine to roll the dice as to when you will get the updates that are essential to the security of your device and your data.
“>
In my cybersecurity world, surprises happen too often for my liking. Especially since they usually have the word “nasty” prefixed. This has been especially true when it comes to the smartphone industry, where everything from the discovery that cyber-flash perverts prefer iPhones to reporting on another vulnerability in WhatsApp, is fine. This is not always the case, however, and I am always happy to be able to write about positive security surprises. This is the case of the latest revelation from Samsung on the secure internal components of the Galaxy S20 smartphone.
Measuring security surprises in the smartphone sector
On the security surprise scale, I would put Samsung’s announcement somewhere in between the “say what?” Microsoft announcing it wants to secure iPhones, and the breathtaking one by scientists claiming to have developed a prototype “absolutely unbreakable” encryption chip. The latest revelation from Samsung is still surprisingly good news on the security front of Android smartphones, and it also involves a secure chip: the S3K250AF to be precise. Perhaps the biggest surprise, even taking into account Knox’s success in Samsung smartphones, is that it took Samsung so long to implement such a dedicated security chip. Google has the Titan M in its Pixel devices, and Apple has the T2-powered secure enclave in iPhones. We will have to wait and see how it will fare with these secure solutions established over time, but let’s explore what is known.
Samsung’s all new dedicated “Secure Element” security chip
The all-new “Secure Element” security solution based on S3K250AF, which will first be integrated into the Galaxy S20, brings for the first time the concept of autonomous and isolated sensitive data storage to Samsung smartphones. Combining a microcontroller with advanced hardware protection, as well as an optimized secure operating system, the new SE system has reached a Common Criteria Assessment Assurance Level (CC EAL) of 5+, which is the higher for a mobile component. Clearly, this means that owners of the Samsung Galaxy S20 series will receive a dedicated security chip in addition to the existing security layers already provided, such as the Knox mobile security platform. Dongho Shin, senior vice president of large-scale system integration (LSI) marketing at Samsung Electronics, said: “Our new turnkey SE solution for mobile devices will not only secure user data when their movements, but also to activate new mobile applications that will expand and enrich our daily lives. “What are these new applications, remains to be seen. What we do know is that this new secure element chip will provide what Samsung calls a “dedicated tamper-proof vault” for confidential and cryptographic data. So the pins and passwords, the cryptocurrency credentials and the credit card payment tokens will be stored separately from the standard mobile memory, and that’s a good thing, secure. It’s not the only thing that affects the security of a smartphone.
Android security requires more than just a chip, and that’s where my unsurprising concern lies
While this is all very good news from a security perspective, I am sorry to say that this does not solve the biggest security problem facing owners of Android smartphones: the highly fractured ecosystem. Raise your hand, I admit, my name is Davey Winder and, when it comes to Android phones, I’m a Samsungoholic. I love Samsung smartphones for many reasons, but security updates aren’t one of them. Yes, I admit I was pleasantly surprised when I recently reported that some Samsung smartphone owners had received the January Android security update before the owners of Google Pixel devices. However, there was no jubilation, as I said at the time, with my all-new Galaxy Note 10+ 5G two months behind the current security update level.
The February security update addressed a total of 25 vulnerabilities, from moderate to critical; my device received this update in the last week of February, leaving the threat window open for too long for my liking. The problem is, when it comes to Android security updates, it’s too much of a lottery: what device do you have, what network provider are you with, where do you live? All of these things combine to throw the dice as to when you will get the essential updates for the security of your device and your data.