We know that it is easier today to attack a smartphone than a computer. Our mobile devices are computers connected to the Net, with computing powers that often exceed those of the computers on our desk. In the last year, that of the pandemic, Italy was in fourth place in the world for the number of computer viruses and dangerous files found on computers and smartphones. Here’s how Seungwon Shin, vice president responsible for Samsung’s Security Team responded to our questions.
The most common threats to mobile security?
Until a few years ago, typical vulnerabilities were related to rooting, remote attacks or related to unauthorized firmware installed on devices. Fortunately, these types of threats have been significantly reduced thanks to the increase of regular security updates. Open collaboration with security communities and bug bounty programs has also allowed us to discover any vulnerabilities early on, and fix them as soon as possible. But it’s always a moving target. Security threats are constantly evolving. We have seen the rise of phishing, social engineering tactics, ransomware attacks and spyware attacks, to name a few. That is why it is so important to do everything in our power to always stay one step ahead; and this is the reason why at Samsung innovation is the constant to better face this type of threats. 3
Do you think it is more risky to develop software for mobile devices or for businesses?
Both present their own challenges – enterprises typically mandate the installation of enterprise solutions with strict security policies, enforced through enterprise mobility management. In these cases, security risks tend to be limited to specific “attack surfaces”, depending on the industry and their customers. On the other hand, there is a much wider range of applications and services in the business environment. B2C mobile devices that need to be considered when developing software. That’s why Samsung integrates security into every single phase of the Software Development Lifecycle, from design to integration, testing through quality control and implementation, supporting users with at least four years of security update availability. Whether they are business customers or consumers, we are always looking for ways to improve the safety of our products and services and address the typical challenges of each type of user, so that they can enjoy the safest experience possible.
How can the private data of a smartphone customer be protected?
Samsung Galaxy devices are protected by Knox, our multi-layered security platform dedicated to defense, which protects users’ private data at every level of their device, from the chip to the apps in use. The data is also fully encrypted to ensure it never gets into the wrong hands. We keep the security key, as well as the users password, in a highly protected and locked place on the smartphone, thus making sure that they are out of reach, regardless of whether someone tries to physically enter or access this information remotely. Not only that, we have also added an extra layer of security with Knox Vault for some premium Galaxy devices, such as the Galaxy S21 series, Galaxy Z Fold3 and others, which completely separates the most sensitive user data, such as passwords or biometric data, from the system. operational, so as not to risk that these can be extracted from the device.
How do you define the security of an application?
It is difficult to determine if the apps installed on a device are safe, as we have no way of knowing which apps have been installed and downloaded by each individual user.We normally encourage users to download applications from secure sources, such as the Google Play Store or Galaxy Store, as sideloading can expose devices to unnecessary security risks. That said, we conduct security assessments for all Samsung apps, making sure to address any potential security risks before apps are present in app stores for the We also work closely with Google to make sure all apps on the Google Play Store meet our stringent security standards.