You may have caught news reports about the Pegasus spyware infecting the phones of politicians, journalists and activists. Mobile security is more important than ever, but it’s a daunting task. Dr. Seungwon Shin, VP and head of the security team, Mobile eXperience Business at Samsung Electronics, wrote a piece detailing how Samsung Galaxy devices are protected from new threats.
Dr. Shin led security innovations in the Galaxy ecosystem, including the development of secure AP and Samsung Knox Vault. He is a member of the INTERPOL DarkNet Working Group and chairman of the FIDO Korea Working Group.
Dr. Seungwon Shin is VP and head of the security team, MX Business at Samsung Electronics
“Now you probably think you’re fine because you make sense. But there are a lot of common misconceptions about safety,” writes Dr. Shin. One example he gives is the advice not to open suspicious email attachments. That alone is not enough, because there are what are known as “zero-click” attacks.
This is how Pegasus worked: it exploited a vulnerability in a popular messaging system. “Zero-click” means that simply receiving the malicious message is enough to compromise the security of the phone.
Dr. Shin highlights the open source character of Android as an advantage – it allows anyone to inspect the code and detect vulnerabilities. Samsung runs the Mobile Security Rewards program, which has awarded over $3.5 million in bounties to academics and white hat hackers who have helped improve security on Android.
The company also runs an Incident Response and Management team, which monitors new threats and uses machine learning to predict future threats.
However, software alone is not enough, so Samsung also builds security into the hardware of Galaxy devices. The latest development on that front is Knox Vault, which combines a Secure Processor with a Secure Memory Chip to keep sensitive information separate from the rest of the device.
This allows Samsung Knox to lock down services like Samsung Pay and Samsung Pass as soon as it detects a major security risk. The secure memory chip contains PINs, passwords, biometric data, digital certificates, cryptographic keys and so on.