So we got a chance to interview Mr. Seungwon Shin, VP & Head of Security, Samsung Mobiles (Global), to understand some of the category-leading work undertaken by Samsung to enhance security features on most of its smartphones, tablets and laptop devices through Samsung Knox.
Samsung’s role in enabling a password-less future
“I’m actually a board member of the FIDO Alliance,” Mr Shin told us, “And Samsung was engaged in the development of ideas for the Passkey feature, which the FIDO Alliance introduced, and this was actually applied in Samsung Internet Browser at a third stage,” he explained, highlighting Samsung’s focus on innovating to enable a password-less future. “We are working closely on various means of biometric authenticators to replace the password,” Mr Shin emphasized.
In terms of enabling this futuristic, password-less security into their devices, Samsung’s Mr Shin shared the following insight. “We incorporate various biometric authenticators launched by the FIDO Alliance in order to protect our devices against all levels of threats and also to replace a password. With respect to the Passkey feature, which is one of the latest launches by FIDO, we announced our framework to support the Passkey in May 2022 and we are basically doing our best to become an early adopter, introduce the latest vital technologies in our devices as early as possible,” he said, explaining how Samsung can make significant contributions in pushing the industry forward in terms of enhanced security applications.
Preventing phishing attacks and protecting user privacy
The number of phishing incidents in India has gone up significantly since the pandemic began in 2020. At worse, security reports claim the phishing emails menace has gone up by as much as 4000-percent, whereas conservatively Indian government believes it has at least doubled. Mr Shin explained how Samsung’s Knox security tries to prevent these phishing attacks from occurring on supported smartphones. “We do offer secure Wi-Fi, secure DNS and by default we use domains provided by our trusted DNS providers such as Google, and this allows us to prevent any potential phishing attacks on our devices,” said Mr Shin.
Does Samsung collect data from users to ensure the links they’re clicking are safe? Mr Shin highlighted that, “We cannot collect or access data of the users for the reasons of user privacy. We cannot collect data without user consent, but as long as the customers use the basic features that are available on our phone and also for example by using the secure DNS domain provided by the trusted DNA providers as I mentioned earlier, then we will be able to prevent these types of attacks. In combating state-level cyber attacks that get launched, we are cooperating closely with Google and Microsoft to develop measures to best prevent them from our infrastructure,” he said.
Mr Shin better highlighted Samsung Knox’s security capabilities with an anti-phishing case study from the recent past. “In Korea, we have a lot of voice phishing attacks and our system has on various occasions automatically identified and blocked such attempts at voice phishing,” he claimed. “We have worked with the National Police Agency of Korea to develop an app that proactively predicts and blocks any potential voice-phishing attacks, and we do it through intelligence that’s available for us in order to identify these threats in advance. This allows us to guarantee maximum security and privacy for our users against voice-phishing type attacks,” claimed Mr Shin.
Samsung’s advantage in the threat landscape
According to Samsung, because of increased work from home due to Covid-19, the number of attacks targeting laptops and mobile phones containing personal information and sensitive information have also increased. Samsung has also seen a rise in number of banking trojan attacks, financial scam related attacks, and security threats trying to steal personal information has all increased in the recent past, Mr Shin confirmed. “Last year, we launched a new B2B laptop incorporating reinforced security measures, which allows the laptop and business users to better respond to any levels of threats on Windows,” highlighted Mr Shin. He also further explained the difference between cyber threats aimed at business users or enterprise customers and individual customers.
“The landscape of cyber threats between the two is quite different,” Mr Shin explained. “In the B2C landscape, we see more attacks that are dependent on the users or the consumers to make mistakes. Whereas in the B2B landscape we see more targeted attacks against the actual company or the management, and therefore we do provide focused security for these B2B customers,” he emphasized.
We also asked Mr Shin how Samsung’s silicon possibly differentiates its security measures compared to the likes of Intel and Apple. “We have what’s called Knox Principle, which covers both hardware and software of all the devices that we design and develop, and we apply the same security principle of Knox in designing and developing all of the models under our umbrella. One of our biggest differentiation is Knox Vault, which has been EAL5+ certified, allowing us to really provide a differentiated level of security in the ecosystem.”