You may have caught news reports of the Pegasus spyware infecting the phones of politicians, journalists and activists. Mobile security is more important than ever, but it is a daunting task. Dr. Seungwon Shin, the VP and Head of the Security Team, Mobile eXperience Business at Samsung Electronics, penned an editorial in which he goes into detail on how Samsung Galaxy devices are protected against new threats.
Dr. Shin led security innovations in the Galaxy ecosystem, including the development of secure AP and the Samsung Knox Vault. He is member of the INTERPOL DarkNet Working Group as well as the Chair of the FIDO Korea Working Group.
Dr. Seungwon Shin is the VP and Head of the Security Team, MX Business at Samsung Electronics
“By now you’re likely thinking you’re fine, because you’re sensible. But there are many common misconceptions about security,” writes Dr. Shin. One example he gives is not opening suspicious email attachments – that’s not enough as there are what is known as “zero-click” attacks.
This is how Pegasus worked, by exploiting a weakness in a popular messaging system. “Zero-click” means that just receiving the malicious message is enough for the phone’s security to be compromised.
Dr. Shin touts the open source nature of Android as an advantage – it allows everyone to inspect the code and discover vulnerabilities. Samsung is running the Mobile Security Rewards Program, which has awarded over $3.5 million worth of bounties to academics and white hat hackers who contributed towards improving the security of Android.
The company also runs an Incident Response and Management team, which monitors emerging threats and uses machine learning to predict future threats.
Software isn’t enough, though, so Samsung builds security into the hardware of Galaxy devices as well. The most recent development on that front is the Knox Vault, which combines a Secure Processor with a Secure Memory Chip, which keeps sensitive information separate from the rest of the device.
This allows Samsung Knox to lock down services such as Samsung Pay and Samsung Pass as soon as it detects a major security risk. The Secure Memory Chip holds PINs, passwords, biometric data, digital certificates, cryptographic keys and so on.