I personally don't like how it's possible to store data on my device without me being able to access the data. Also most of the time these keys are used for DRM. So... good IMO.
These companies think we are the enemy they must secure their devices against. Users having total control offends these corporations because we become too powerful and subversive. What are their little copyrights when we can read and copy everything? What are their little monopolies when we can customize, side load, debug, reverse engineer?
The security of the system is entirely because this key material cannot be extracted.
I don't know how Samsung's TrustZone implementation works, but the Apple secure elements (Ax, Mx, and T2 coprocessor) burn fuses randomly inside the SoC on first power up. Those fuses are used to further encrypt everything down the line from that. There are APIs on macOS+iOS to create asymmetric keys where the private key is handled by the secure element and cannot ever be extracted. Encryption (or signing) using those keys is performed by the coprocessor.
This is the model you want from any "hardware wallet" you might have, and is the model you want to actually secure your data.
I have some bad news for you: that's possible with just about every computer introduced since 2013.
Google "Intel Management Engine" or "AMD PSP" or "ARM TrustZone".
The last of these could, in theory, be less bad, except no ARM licensee except Rockchip (and maybe Apple -- jury is still out there) has chosen the "be less bad" option.
Depends on how paranoid you are. There's no absolute assurance that my x86 hardware and OS aren't secretly using them for some active purpose without user knowledge, but all the evidence so far points to the fact that it's not, and the reputation risks to the vendors would be large if they got caught doing this kind of underhanded thing. Whereas my phone OS core functionality relies on the functionality and I know it's being used all the time for DRM etc.
(I'm not happy with the x86 situation either, but it's still less bad)
SGX is implemented on top of ME and relies on it for a substantial fraction of its functionality. You are right though that TrustZone and SGX are both TEEs.
I wish especially AMD would offer Java Card support through their PSP to the operating system, at least if the PSP is resistant to MMIO attacks on the integrity of the Java Card memory.
Being able to open a Diffie-Hellman encrypted, mutual-signature-authenticated channel to a remote device to then receive an AES key for disk encryption is far better than some TPM header that can easily be sniffed with physical access.
Would be even better if NVMe SSDs were able to authenticate themselves and let you transfer in a key over a Diffie-Hellman channel so sniffing the PCIe bus wouldn't deliver the key (or a non-PFS-encrypted encapsulated form of it) to an attacker.
The speeds of NVMe SSDs unfortunately prevent LUKS from being cheap, and TCG Opal is kind of a joke from a security standpoint (doesn't even (seem to) specify that the provided "password" is used to derive a key, suggesting that it may just be used via a password hash to compare against a database entry to decide whether to unlock a disk encryption key).
Even TPMs don't seem to encrypt the communications channel they use with the CPU/PSP, and they are often socketed which makes MITM attacks easy with physical access. If they'd offer Java Card, they'd at least be somewhat useful...
Exactly my first thoughts. Key is derived from "user-controlled data". That makes sense, it's my phone, isn't it? Why would the phone need to encrypt data in a way that the user can't access it?
The user positive use is securely booting to a password prompt to decrypt your data. Without this security working, anyone who steals your phone will be able to get all the data you have saved on it.
That's kind of the thing with Microsoft's BitLocker as well.
It automatically decrypts the hard drive on boot, so the only thing it could protect you from is someone removing the hard drive and mounting it somewhere else.
But if they have physical access to the device, why would they do that?
I think the idea is that Windows' security, once booted, is enough to protect your data. It's the same situation if, for example, your laptop gets stolen while in sleep / on the lock screen.
In theory, you shouldn't be able to get the key while booting on some other media (say, your own Windows USB drive).
> Ensuring the integrity of early boot components and boot configuration data. On devices that have a TPM version 1.2 or higher, BitLocker uses the enhanced security capabilities of the TPM to make data accessible only if the computer’s BIOS firmware code and configuration, original boot sequence, boot components, and BCD configuration all appear unaltered and the encrypted disk is located in the original computer. On systems that leverage TPM PCR[7], BCD setting changes deemed safe are permitted to improve usability.
Haha. You’re bringing up tech from 20 years ago when we’re discussing modern security measures, aren’t you very clever.
What hardmods do you know of for current gen consoles? Even the previous generation mostly fixed all public hardware based attacks.
This is standardized hardware that would be a relatively soft target to build tooling against, yet modchips are essentially dead because the attacks are just far too difficult.
This is pretty confusing, hardmods are definitely a thing for the current gen Switch - AFAIK it's the only way to jailbreak ones that were manufactured after some date and don't allow soft mods.
No, what you want is a random key. The security properties of an n-bit key depend entirely on those n bits being random. Derived from user data is not (a CSRNG is not secure if the initial state is predictable).
The way security on modern devices with h/w support works is that a random key is generated in hardware. Subkeys are derived from that. Access to these keys (if they're ever directly exposed) is gated on the correct password, but nothing is actually protected by it.
This is what you want as it means you don't have to make a password that is maybe 50 characters long, and actually random (e.g. no word sets).
A particular example of why it's bad that you can't access all the data on your own device is the inability to audit security critical code. As a user, the only security guarantee you get is "trust us we are Vendor123" which means nothing.
I am pretty surprised how they allowed reusing the IV. A unique IV is explicitly mentioned as an assumption for AES-GCM (first sentence in the security section of the AES-GCM Wikipedia page).
How could anyone design a TA (i.e. an application whose whole point is security and hence it runs in the secure mode) and allow the user to set the IV in the API?
My understanding is that the TLS spec did not enforce a non-repeating nonce, only suggested it and left it to implementers to decide, which led to the vulnerabilities you explored.
This Samsung one here is in a way similar: the TEE API had a way for users of the API to set the IV, which it should not; the TA should make sure the IV is not repeated.
Since you have done prior research in this area, is using a counter for the IV still recommended even when the IV is 12 bytes? I assume the chances of a HW random number generator (which I assume exists on most phones today) colliding for 12-byte random number generation would be pretty low.
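The IV discussion above (the caller-supplied IV in the TEE API, and the counter-versus-random question) is easier to reason about with code in hand. The following Go program is an added example, not code from the thread and not Samsung's Keymaster: `CallerNonceSeal` mirrors an API shape where the caller chooses the IV, `KeystreamReuseLeak` checks the textbook consequence of reusing it under one key (the CTR keystream cancels, so c1 XOR c2 equals p1 XOR p2), and `Sealer` is the corrected shape where the keyed component owns a deterministic prefix-plus-counter nonce and refuses to wrap it. `RandomNonceCollisionProb` is the birthday-bound approximation n(n-1)/2 / 2^96 for uniformly random 96-bit nonces; at 2^32 messages it comes out around 2^-33, which is why NIST SP 800-38D caps random-IV use at 2^32 invocations per key. The all-zero key and the plaintexts are constructed test values; the type and function names are mine.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// NonceSize is the standard 96-bit AES-GCM nonce length.
const NonceSize = 12

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// CallerNonceSeal mirrors the API shape criticised in the thread: the caller
// picks the IV, so nothing stops two messages under one key from sharing it.
// Illustrative only; this is not Samsung's Keymaster code.
func CallerNonceSeal(key, nonce, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, plaintext, nil), nil
}

// KeystreamReuseLeak reports whether c1 XOR c2 == p1 XOR p2 over the common
// plaintext length. Under one key and a repeated nonce the CTR keystream
// cancels out and this holds; with distinct nonces it does not.
func KeystreamReuseLeak(c1, c2, p1, p2 []byte) bool {
	n := len(p1)
	if len(p2) < n {
		n = len(p2)
	}
	if len(c1) < n || len(c2) < n {
		return false
	}
	for i := 0; i < n; i++ {
		if c1[i]^c2[i] != p1[i]^p2[i] {
			return false
		}
	}
	return true
}

// Sealer owns both the key and the nonce state; callers never supply an IV.
// Nonce = random 32-bit per-key prefix || 64-bit counter (the deterministic
// construction of NIST SP 800-38D section 8.2.1).
type Sealer struct {
	gcm     cipher.AEAD
	prefix  [4]byte
	counter uint64
}

func NewSealer(key []byte) (*Sealer, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	s := &Sealer{gcm: gcm}
	if _, err := rand.Read(s.prefix[:]); err != nil {
		return nil, err
	}
	return s, nil
}

// Seal returns nonce || ciphertext || tag and refuses to wrap the counter.
func (s *Sealer) Seal(plaintext []byte) ([]byte, error) {
	if s.counter == math.MaxUint64 {
		return nil, errors.New("nonce counter exhausted: rotate the key")
	}
	nonce := make([]byte, NonceSize)
	copy(nonce[:4], s.prefix[:])
	binary.BigEndian.PutUint64(nonce[4:], s.counter)
	s.counter++
	out := append([]byte(nil), nonce...)
	return s.gcm.Seal(out, nonce, plaintext, nil), nil
}

func (s *Sealer) Open(msg []byte) ([]byte, error) {
	if len(msg) < NonceSize {
		return nil, errors.New("message shorter than nonce")
	}
	return s.gcm.Open(nil, msg[:NonceSize], msg[NonceSize:], nil)
}

// RandomNonceCollisionProb approximates the birthday-bound probability that at
// least two of n uniformly random 96-bit nonces collide: n(n-1)/2 / 2^96.
func RandomNonceCollisionProb(n uint64) float64 {
	f := float64(n)
	return f * (f - 1) / 2 / math.Ldexp(1, 96)
}

func main() {
	key := make([]byte, 32) // constructed all-zero key, demonstration only
	nonce := make([]byte, NonceSize)
	p1 := []byte("balance=100;owner=alice")
	p2 := []byte("balance=999;owner=bob  ")
	c1, _ := CallerNonceSeal(key, nonce, p1)
	c2, _ := CallerNonceSeal(key, nonce, p2)
	fmt.Println("caller-chosen IV reused, keystream cancels:", KeystreamReuseLeak(c1, c2, p1, p2))
	s, _ := NewSealer(key)
	m1, _ := s.Seal(p1)
	m2, _ := s.Seal(p2)
	fmt.Println("internal nonces differ:", !bytes.Equal(m1[:NonceSize], m2[:NonceSize]))
	fmt.Printf("P(collision) after 2^32 random nonces: %.2e\n", RandomNonceCollisionProb(1<<32))
}
```

The design point is the one the thread makes: the component holding the key must also hold the nonce state, so the API exposes no parameter through which a repeat can be requested. A counter needs persistence across reboots (or a fresh random prefix per key load, as here); a random 96-bit nonce needs no state but must be capped at 2^32 uses per key.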
It gives me the impression that, even though I paid good money for it, Samsung doesn't see me as the owner and will leech as much private data off me as they possibly can.
This is my impression as an unhappy Samsung smart TV owner, despite being a happy owner of an older Samsung "dumb" TV; the reason I bought their crappy smart TV.
My new Sony TV wouldn't allow me to do anything without connecting it to the internet during initial setup. I just wanted to use it as a dumb screen to show HDMI signal. But even that wouldn't work without initially connecting it to the internet. I haven't connected it to the internet since and so far it hasn't stopped working, but I wouldn't be too surprised if it does at some point and forces me to reconnect and update it.
I was trying to avoid it. I am tech savvy. I could not find a workaround. There was no way, at least none I could find despite my efforts, to skip the screen requiring you to connect without connecting.
That's very strange. I'm too lazy to factory reset the Sony TV I bought this year to try it, but here's a link to a "q and a" from Best Buy saying someone set up my model without Internet during a hurricane, and Sony themselves indicating it works without Internet.
So assuming you are software savvy enough to not have missed the correct prompt, I have to assume there was a bug with the firmware version you received.
Some people like my 92 year old Grandmom don't have internet, and it would make no sense for Sony to have to deal with returns from them.
That is strange. I have a different model (KD65X80J), but it seems to have all the same options and software. Yet, even though I chose Basic TV instead of Android TV, the internet connection page did not have the option to skip. It might be a bug, as you suggest.
Is there a computer monitor that would satisfy your needs? That would spare you the ads. I use a 32” monitor that I found too big for computing as a TV (with external speakers and roku).
TCL and many other manufacturers use Roku for their OS. I'm on my second TV with it, and have never connected either to the internet, without any issues.
Unironically, the Huawei P30 is a great Android phone. Stable software, not a lot of bloatware, and acceptably fast security updates.
Real shame they are not allowed to make Android phones anymore. I genuinely believe Samsung is a bigger security and data leakage threat nowadays than Huawei was a few years ago
You’re rewriting history. Huawei was blocked from Android access due to it being deemed an asset of the Chinese government. Not because it was leaking any data.
I have been using Samsung phone/earbuds/watch for a while now and I think the software experience is quite good (coming from Oxygen OS on OnePlus 6 (great) and having used Apple devices (stifling) in the past). Their heavy handed UI/UX are things of the past - One UI 4 has plenty of customization/useful features while being reasonably light (e.g. it has a feature that lets you force dark mode on apps that don't support it which is surprisingly handy). In terms of integration (which Apple is famed for), everything works seamlessly: when I take out the earbuds, the audio automatically routes to them, the watch syncs automatically with the phone with pretty decent exercise/fitness tracking out of the box, the app selection for the watch has improved due to them using Wear OS etc. Sure, there are some Samsung apps I don't care to use but that is not getting in my way. Their privacy record is a weak point indeed and it is unfortunate that we don't have any competitor in the Android space that has the same or better level of polish while keeping privacy a priority.
On the other hand, I've owned most Nexus devices and loved stock Android at the time but probably won't be leaving the Samsung ecosystem anytime soon. Until the S6 or so I'd agree it was bloated and unreliable but since then it's been a consistent and reliable experience (with great hardware) and it would take a lot to move back to a Pixel.
A friend of mine just bought a Samsung flagship after grumbling incoherently about how Apple was evil. Within three days she returned it and went and bought an iPhone 13.
That’s a fairly good reference for the experience.
Which isn't any better IMO. Most recent Pixels have been a buggy mess from launch. Google doesn't seem to give a damn about the quality of their devices which is especially bad considering they come at flagship prices.
On the other side, my mom's cheap Samsung A52 has been great so far.
My experience is that Pixel devices are far and away more competent than Samsung in many regards, but with the caveat that Samsung devices ship in a finished, stable state, but Pixel devices ship as if they’re not quite finished. The software is usually OK, but the hardware tends to be lacking in many regards. This is terrible since hardware can’t really be fixed later down the road, at BEST software workarounds can be employed.
The first Pixel was reasonably solid all around and mine lasted quite a while. The Pixel 2 XL’s terrible screen was my first hint that Google was not prepared to carry the torch of a true flagship phone.
That said: I would still often prefer the accidentally broken Pixel phones over the intentionally gimped and bloated Samsung phones. I just can’t buy one at launch, because I have no idea how Google will have fucked it up this time.
I used to have Samsung devices, but the quality just got worse and worse... currently quite happy with my LG V20 but it's on its last legs, and when I replace it I want something with a replaceable battery which is quite a rarity on higher-end phones these days. Am aware of the Librem5, but I still want to be inside the Android and google play ecosystem.
I'd argue that most Asian companies don't. China has really stepped up their game there I would say. From what I heard a decade or so ago, they used to hire a lot of software people from the valley to get some of the culture established in their organizations for a short period of time.
To some extent I'd say User Experience is directly correlated with how valuable software engineers are in that particular society.
True, Samsung makes a big deal of it. But they don’t actually deserve that title imo. They’re hardly a worthy contender. I am not an apple fan boy, but Samsung is just nowhere close to the apple experience.
Well, I own a few Samsung devices. There is no Samsung experience. I don't bother signing in to a Samsung account or using their store. What for? I already have to be signed in to Google's store to get updates for the apps I must use. Samsung's one is useless and it's not the reason I bought from them. I bought an A40 because it was the smallest Android phone on the market (and yet almost one inch too tall) and a tablet (S5e?) because it had Linux in DeX.
By the way, I keep Google usage minimal. I don't need most of their services. Even YouTube works without an account and I'm using NewPipe most of the time. What I really need is Play, only to update maps, Maps mostly because of satellite images (I use OSMAnd) and Translate as a dictionary. Syncthing and KDE connect deal with backup and file transfer.
Until recent Samsung smart devices, you HAD to use their store and the experience was horrendous. Full of nonworking paid apps, no working review system that I could see, it was an absolute nightmare to use. It's actually quite sad cause the hardware itself wasn't bad and the battery life of Tizen was fantastic.
They dropped support. The update to Android 10 removes it. Probably because 16.04 is EOL and they should have paid Canonical again to make X11 and possibly other systems work on Android. The number of users of that feature was probably low.
Having used a lot of Samsung software, I have to wonder if the root cause here is a language barrier. Their software frequently has translation errors, and their kernels are compiled on a computer in Korean Standard Time. For a lot of open source software, or basic introductions into, say, how to use AES-GCM, they're really only available in English reliably. Content in other languages frequently lags or is non existent.
I could totally imagine something like Google Translate missing a critical "not" or similar that completely changes the meaning of a sentence. For technical documentation, that could be a huge problem.
I have an old Samsung Galaxy S7 that I bricked a year back in the process of trying to make a backup of the data on it (the irony)... I think I may have blown the Knox fuse. Could this be leveraged to give me my files back?
There are around 1000 other factors in buying phones, mostly much more important to most users. I get it when i.e. developers are frustrated by inconsistent behavior across phones, but for example I prefer longer battery life compared to something that still runs in the background because I used it a few hours ago.
This is also about developer frustration, but not only. Over the years, I've used various alarm clock apps. There were some Huawei phones where it was literally impossible to get those alarm clock apps to work, because even if you added it to all whitelists, it would still kill the app in the background. Another issue is if you're using a messenger with VoIP functionality that you don't use every day. When an incoming call is received after not using the app for a while, it simply wouldn't ring.
Stock Android already contains energy saving mechanisms that work reasonably well. By piling potentially broken additional battery saving mechanisms on top of that, you risk breaking the phone for certain use cases. At the very least, as a user of that phone, there should be an easy way to exclude certain apps from energy saving measures. (Let's pick out Huawei again, where even if you added an app to such exclusion lists, after a few days the OS would randomly remove the app from that exclusion list again. Plus, there was some kind of "lock" that you could activate in the app switcher, but that lock wouldn't survive a reboot.)
Because some of the energy saving measures are so extreme, some manufacturers put popular apps on internal exclusion lists. These apps work fine, but apps by smaller developers don't. This is a major source of market distortion.
Huawei used to be the worst offender in this space, but it has gotten a little bit better by now. Nokia also had a phase where they had a horribly broken energy saver, but thankfully they got rid of that. Samsung has gotten worse and worse over the last years.
Is there also a dontkillmybattery website listing poorly designed apps that leach my data and energy? Because it's very easy to whitelist the good ones on a Samsung device.
See my reply to the sibling comment: https://news.ycombinator.com/item?id=30665186 I don't know about the current Samsung situation, but there were multiple phones by multiple vendors where whitelisting apps wasn't possible at all, or where it simply didn't work properly.
As DontKillMyApp notes, "the latest feedback suggests even when you remove an app from the restricted list, Samsung may re-add them later after a firmware update or when it thinks it is using too much resources". That is horrible.
I have had a Samsung phone for about two years now. It reminds me to update the system all the time, almost every month. I don't do the update now. I just ignore it; I don't need fancy new features. I love it not being that smart. I love it the old way.
They are system patches, which may include security patches. That doesn't make it more wise to ignore, but it does become easier to imagine why you would.