
Samsung develops new security chip for smartphones

AshRiver

https://www.zdnet.com/article/samsung-develops-new-security-chip-for-smartphones/

Quote

The new secure element chip is CC EAL 6+ certified and will launch sometime in the third quarter.

Quote

Samsung has launched a new secure element (SE) chip to protect private and sensitive data on mobile devices, the company said on Tuesday.

The chip, dubbed S3FV9RR, will be offered as a standalone turnkey with security software, Samsung said. 

Common Criteria, which certifies the security level of IT products from EAL0 to EAL7 with seven being the most secure, gave the security chip a Common Criteria Evaluation Assurance Level (CC EAL) 6+ certification. 

With the 6+ certification, Samsung said the SE chip has the highest rating to date for a mobile component.

According to Samsung, the new chip provides protection for mobile devices such as smartphones and tablets when performing booting, isolated storage, mobile payment, among other applications. 

It can also be used for e-passports and cryptocurrency hardware wallets, and to support hardware-based root of trust and device authentication. The chip is also versatile, Samsung added, as it can work independently from the security performance of a device's main processor.  

The SE chip will be available in the third quarter.

The company first deployed a similar SE chip back in February for the Galaxy S20 series, which was CC EAL 5+ certified.


I can't wait for exploits and vulnerabilities for this chip to be published onto the net, and look how adorable those tiny chips are. Aren't they cute?

 

Meanwhile, hackers in mom's basement:

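The article above lists device authentication and a hardware root of trust among the chip's uses but, being a press piece, says nothing about how a host and a server actually use such a chip. The block below is an added example written for this page; it is not code from the ZDNet article, the thread, or Samsung. It simulates a secure element that holds a per-device key and answers a server's challenge, with the application processor acting only as a relay. Everything in it (the SecureElement, Host and Server classes, the SN-0001 device id, the message layout) is invented for illustration, and to stay within Python's standard library the device key is a shared HMAC key rather than the asymmetric key and certificate a real secure element would carry.

```python
"""
Added example, not from the ZDNet article, the thread, or Samsung: a minimal
challenge-response device authentication where the per-device key lives only in a
simulated secure element and the application processor is an untrusted relay.
Standard library only, so the device key is a shared HMAC key; real secure elements
normally hold an asymmetric key plus certificate so the server stores no secret.
All names (SecureElement, Host, Server, SN-0001) are invented for the example.
"""
import hashlib
import hmac
import secrets


class SecureElement:
    """Simulated chip: holds the device key and exposes only 'MAC this message'."""

    def __init__(self, device_id: str, device_key: bytes):
        self.device_id = device_id
        self._key = device_key  # provisioned at manufacture, never readable by the host

    def mac(self, message: bytes) -> bytes:
        return hmac.new(self._key, message, hashlib.sha256).digest()


def auth_message(device_id: str, challenge: bytes) -> bytes:
    """Domain-separated message both sides MAC: purpose | identity | fresh challenge."""
    return b"auth|" + device_id.encode() + b"|" + challenge


class Host:
    """Application processor. Even if compromised it can only alter what it forwards;
    it cannot compute a MAC for any identity without the chip's key."""

    def __init__(self, se: SecureElement):
        self.se = se

    def respond(self, challenge: bytes) -> dict:
        return {
            "device_id": self.se.device_id,
            "challenge": challenge,
            "mac": self.se.mac(auth_message(self.se.device_id, challenge)),
        }


class Server:
    def __init__(self):
        self.keys = {}            # device_id -> key, from the factory provisioning database
        self.outstanding = set()  # challenges issued and not yet answered

    def register(self, device_id: str, key: bytes) -> None:
        self.keys[device_id] = key

    def challenge(self) -> bytes:
        c = secrets.token_bytes(16)
        self.outstanding.add(c)
        return c

    def verify(self, response: dict) -> bool:
        c = response["challenge"]
        if c not in self.outstanding:  # never issued, or already answered: a replay
            return False
        self.outstanding.discard(c)    # one answer per challenge, right or wrong
        key = self.keys.get(response["device_id"])
        if key is None:
            return False
        expected = hmac.new(key, auth_message(response["device_id"], c), hashlib.sha256).digest()
        return hmac.compare_digest(expected, response["mac"])


def demo() -> dict:
    """Runs the exchange honestly, then three attacks a chip-bound key should defeat."""
    key = secrets.token_bytes(32)
    host = Host(SecureElement("SN-0001", key))
    server = Server()
    server.register("SN-0001", key)
    server.register("SN-0002", secrets.token_bytes(32))  # some other legitimate device

    c1 = server.challenge()
    r1 = host.respond(c1)
    honest = server.verify(r1)          # fresh challenge, correct MAC

    replay = server.verify(r1)          # the same captured response presented again

    r3 = host.respond(server.challenge())
    r3["device_id"] = "SN-0002"         # compromised host claims another device's identity
    impersonation = server.verify(r3)

    c4 = server.challenge()             # no chip at all: the host can only guess a tag
    chipless = server.verify({"device_id": "SN-0001", "challenge": c4,
                              "mac": secrets.token_bytes(32)})

    return {"honest": honest, "replay": replay,
            "impersonation": impersonation, "chipless": chipless}


if __name__ == "__main__":
    print(demo())
```

Running demo() returns a dict in which only the honest exchange verifies: the replayed response is refused because each challenge is consumed on first use, the host that relabels its response as another device fails because the MAC is bound to the claimed identity, and a host with no chip cannot produce a tag at all. The split is the substance of the article's claim that the chip works independently of the main processor, and also its limit: a compromised Android userland can still ask the chip to sign on its behalf, but it can never read the key out.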


But does it protect from downloading malware on Google Play?

And that chip's fucked even if Shaggy uses 0.09% of his power.


1 minute ago, Letgomyleghoe said:

But does it protect from downloading malware on Google Play?

Or the default and only web browser?


18 minutes ago, Letgomyleghoe said:

But does it protect from downloading malware on Google Play?

Well, no amount of security chips can replace common sense. If you're a dumbass, then there's nothing manufacturers can do...


31 minutes ago, Morgan MLGman said:

Well, no amount of security chips can replace common sense. If you're a dumbass, then there's nothing manufacturers can do...

I know, I was mostly joking about the whole malware on google play thing.


Just now, Letgomyleghoe said:

I know, I was mostly joking about the whole malware on google play thing.

Oh I'm aware, I wasn't talking specifically about you, just people in general ;)


1 hour ago, AshRiver said:

According to Samsung, the new chip provides protection for mobile devices such as smartphones and tablets when performing booting, isolated storage, mobile payment, among other applications. 

So it's the T2 chip but does a few different things. So if this chip were to corrupt itself, poof, phone is useless. Just like a MacBook Pro with a T2 that has secure boot enabled.


3 hours ago, Morgan MLGman said:

Well, no amount of security chips can replace common sense. If you're a dumbass, then there's nothing manufacturers can do...

Growing up, my dad hated when any of us used the term "idiot proof". His response was always "As soon as you make something idiot proof, they build a better idiot". Him being a programmer, I can only imagine what he has been through from various users running his code, or his own colleagues not reading his notes. This somehow feels applicable to what you're conveying, lol.


4 hours ago, DrMacintosh said:

So it's the T2 chip but does a few different things. So if this chip were to corrupt itself, poof, phone is useless. Just like a MacBook Pro with a T2 that has secure boot enabled.

If you replace it I'm sure you can boot. Like the T2 chip, you can replace it with one from another machine (that is broken in some other way) and you will be OK; you just need to ensure you also bring over the SSD from that machine, since the T2 chip is the SSD controller, so it keeps track of the sectors of each SSD chip that are in use, etc.


1 hour ago, hishnash said:

If you replace it I'm sure you can boot. Like the T2 chip, you can replace it with one from another machine (that is broken in some other way) and you will be OK; you just need to ensure you also bring over the SSD from that machine, since the T2 chip is the SSD controller, so it keeps track of the sectors of each SSD chip that are in use, etc.

I'm pretty sure you can't do this... Although I'm no expert, T2 chips are what make the encryption/secure thing work. If you could just swap them, wouldn't they be moot?


50 minutes ago, GOTSpectrum said:

I'm pretty sure you can't do this... Although I'm no expert, T2 chips are what make the encryption/secure thing work. If you could just swap them wouldn't they be moot?

As long as you swap it out with its companion SSD chips there is nothing moot about it; you need the password of the user that set up the machine that you took the T2 chip from, though. The security is maintained; from the T2 chip's perspective you have just replaced the CPU, GPU, etc. I would assume this is the same for this security chip that Samsung has made.


8 hours ago, Letgomyleghoe said:

But does it protect from downloading malware on Google Play?

And that chip's fucked even if Shaggy uses 0.09% of his power.

 

7 hours ago, Morgan MLGman said:

Well, no amount of security chips can replace common sense. If you're a dumbass, then there's nothing manufacturers can do...

Considering that the Google Play Store is the trusted place for apps, I believe that it’s Google’s responsibility to have a proper app vetting process to screen clean and malicious apps considering that Play Protect’s detection scores aren’t on par with others. [here] [here]


39 minutes ago, captain_to_fire said:

 

Considering that the Google Play Store is the trusted place for apps, I believe that it’s Google’s responsibility to have a proper app vetting process to screen clean and malicious apps considering that Play Protect’s detection scores aren’t on par with others. [here] [here]

Yeah, I was mainly joking about that lol


Some corrections to the comments in this thread.

1) The T2 is more than just a secure co-processor. This chip seems to be more like the Secure Enclave the iPhone has. The Secure Enclave is a co-processor which handles some security features (like the T2, which also does stuff like image processing; it's the SSD controller, it controls audio and many more things). So this is like a T2 processor but with more than half the functionality removed, only leaving the security stuff.

2) The T2 got a bad rep for some reason. It's a great thing and every computer should have it. We should be thrilled that companies are focusing more on hardware solutions for security.

3) This seems like a competitor to what Qualcomm already has built into their SoCs. All of the high-end Qualcomm processors in the last couple of generations have had dedicated secure processing units embedded in them. I think it started with the Snapdragon 845, and before that you could implement them as separate chips. The 855, for example, was EAL4+ certified. The Pixel 3, for example, had a Snapdragon 845, but since it wanted a higher security classification they developed a chip called the "Titan M" and used that. I think the same chip is also in the Pixel 4 but I am not sure.


1 hour ago, LAwLz said:

2) The T2 got a bad rep for some reason. It's a great thing and every computer should have it. We should be thrilled that companies are focusing more on hardware solutions for security.

I'd rather swap out my drives thanks. I'll take the risk of someone removing my SSD (and looking at my in game screen shots and big chungus background) over running back to the manufacturer with my pants down and bending over when the drive needs replacing.


6 minutes ago, Curious Pineapple said:

I'd rather swap out my drives thanks. I'll take the risk of someone removing my SSD (and looking at my in game screen shots and big chungus background) over running back to the manufacturer with my pants down and bending over when the drive needs replacing.

Well, the SSD on the computers which have the T2 is soldered on, so it's not like you could do that anyway.

 

I am also pretty sure you could swap the drive out (assuming some soldering job was done). You just won't be able to get the data off the drive.


Just now, LAwLz said:

Well, the SSD on the computers which have the T2 is soldered on, so it's not like you could do that anyway.

I am also pretty sure you could swap the drive out (assuming some soldering job was done). You just won't be able to get the data off the drive.

They're tied together AFAIK, you need the pair. Dead drive is dead board without going back to the manufacturer. If the machine came supplied with a scratch-off code card that contained the drive key, then it wouldn't be an issue. If the board dies and you replace it, you enter the security key from the old board and it decrypts the data, and you can either replace the key on the board, or have it decrypt the drive to allow you to back up and then re-write the data with the new board's encryption key.


Well, it will be very interesting to see Samsung show this with the new SoC that's definitely going to have an ARM Cortex-X1 core with an RDNA-based GPU too.


16 hours ago, DrMacintosh said:

So it's the T2 chip but does a few different things. So if this chip were to corrupt itself, poof, phone is useless. Just like a MacBook Pro with a T2 that has secure boot enabled.

Yeah, it seems security is the new buzzword for self-bricking devices... (and cannot be repaired OFC)


36 minutes ago, LAwLz said:

Well, the SSD on the computers which have the T2 is soldered on, so it's not like you could do that anyway.

The Mac Pro has it and has removable drives. BTW, closed-source "security through obscurity" type solutions (T2 and this) should die in flames...


31 minutes ago, Curious Pineapple said:

They're tied together AFAIK, you need the pair. Dead drive is dead board without going back to the manufacturer. If the machine came supplied with a scratch-off code card that contained the drive key, then it wouldn't be an issue. If the board dies and you replace it, you enter the security key from the old board and it decrypts the data, and you can either replace the key on the board, or have it decrypt the drive to allow you to back up and then re-write the data with the new board's encryption key.

That's not what I've read, or from my understanding of the T2. Do you have any source for this?

I don't see why you would have to replace the entire motherboard if the drive died (other than it being soldered on, which it is on all Macs with the T2 from what I know).

 

 

 

Here is how I understand it.

1) The SSDs on the T2 equipped Mac computers are physically tied to the motherboard because they are soldered on.

2) The data on the SSDs is tied to the T2 chip because that holds the encryption key.

3) The T2 is physically tied to the motherboard because it is soldered on.

4) The physical SSD is NOT tied to a unique T2 chip in any way.

 

 

So in what way does the T2 limit customers?

If the SSD dies then you will lose your data regardless of whether or not the computer has a T2.

If the motherboard dies then you would still lose all the data because replacing the motherboard means replacing the SSD (since it's soldered on).

 

 

 

Assuming all T2 equipped Macs have soldered SSDs, I honestly can't think of a scenario where it would matter if you had the T2 or not.

If the SSD dies then it wouldn't matter if it had a T2 or not.

If the motherboard died then it wouldn't matter if you had the T2 or not because the soldered on flash chips would need to be replaced anyway.

 

 

Maybe it is limiting if all of these criteria are met:

1) A component soldered to the motherboard other than the flash chips or the storage controller portion of the T2 died.

2) You are able to successfully, without damaging anything, transplant the working SSD from the broken motherboard to a new one.

3) You wanted to keep your files but since the SSD is no longer paired with the same T2 chip, decryption is not possible and you have to wipe the drive clean.

4) You didn't want proper encryption on your computer to begin with.

That's probably a very rare scenario though.

 

 

9 minutes ago, jagdtigger said:

Yeah, it seems security is the new buzzword for self-bricking devices... (and cannot be repaired OFC)

Well that's how proper security works.

You need some way to tie data to a specific machine to enforce things like a limited number of tries. Otherwise anyone could remove the drive from the computer and run brute-force attacks on it from a far more powerful computer, or a computer that doesn't enforce things like a limited number of tries, data wipes after X number of failed attempts, and the like.

We have had similar things in computers for over a decade now (TPMs), and phones have had similar technologies for years as well. Like I said, all the high-end Snapdragon processors have had security co-processors embedded in them for years now. Before that they used to be separate chips (like this Samsung one). Both AMD and Intel have also had limited security co-processors embedded in them for years now. Although they typically don't deal with drive encryption, so it's less user-facing than these or a TPM. They still do a lot of the same things in the background though.

 

 

15 minutes ago, jagdtigger said:

The Mac Pro has it and has removable drives. BTW, closed-source "security through obscurity" type solutions (T2 and this) should die in flames...

This is not "security through obscurity". There are detailed explanations of how the secure enclave works.

This is security through, well, secure design. Again, tying data to the hardware is a very, very crucial part of securing a system and protecting against data theft. That's why not just Macs do it, but Android phones, Windows computers and iOS devices do it too. The big difference is that Macs are secure out of the box, while for example Windows charges extra for it (Pro version only) and has it disabled by default.
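The argument in this post, that binding the key to the chip is what makes a retry limit enforceable, can be made concrete. What follows is an added example written for this page, not code from the thread, Apple, or Samsung. It models two designs of the same encrypted volume: one where the key-encryption key comes from the PIN and an on-disk salt only, and one where a simulated SecureElement mixes in a device-unique secret that never leaves it and counts failed attempts. It also plays out the chip-swap question from earlier in the thread: the original chip moved together with its flash still unwraps the key, a different chip with the same flash image does not. The SecureElement class, the 4-digit PIN, the deliberately cheap KDF and the XOR key wrap are all simplifications invented for the example.

```python
"""
Added example, not from the thread, Apple, or Samsung: a software model of the
argument that a storage key bound to a security chip with a retry counter defeats
offline brute force, while a key derived from the PIN alone does not. The
SecureElement class, 4-digit PIN, tiny KDF cost and XOR key wrap are invented
simplifications; real designs use AES key wrapping, a far slower KDF, and a chip
that also throttles between attempts.
"""
import hashlib
import hmac
import secrets

PIN_SPACE = [f"{i:04d}" for i in range(10_000)]  # every 4-digit passcode
KDF_ITERS = 200  # deliberately cheap so the offline attack below runs in well under a second


def kdf(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, KDF_ITERS, dklen=32)


def xor_wrap(key: bytes, kek: bytes) -> bytes:
    """Toy 32-byte key wrap; wrapping and unwrapping are the same operation."""
    return bytes(a ^ b for a, b in zip(key, kek))


def verifier(kek: bytes) -> bytes:
    """Lets the holder of a candidate KEK tell right from wrong without the data key."""
    return hmac.new(kek, b"check", "sha256").digest()


# Design 1: everything needed to test a PIN guess sits on the flash chips.
def enroll_pin_only(pin: str, data_key: bytes) -> dict:
    salt = secrets.token_bytes(16)
    kek = kdf(pin, salt)
    return {"salt": salt, "wrapped": xor_wrap(data_key, kek), "check": verifier(kek)}


def offline_bruteforce(image: dict):
    """Pull the flash, run this on any machine: no counter, no lockout, no chip needed."""
    for guess in PIN_SPACE:
        kek = kdf(guess, image["salt"])
        if hmac.compare_digest(verifier(kek), image["check"]):
            return guess, xor_wrap(image["wrapped"], kek)
    return None, None


# Design 2: the KEK also depends on a secret that exists only inside the chip.
class SecureElement:
    def __init__(self, max_attempts: int = 10):
        self._uid_key = secrets.token_bytes(32)  # fused in at manufacture, never exported
        self.max_attempts = max_attempts
        self.attempts_left = max_attempts

    def _kek(self, pin: str, salt: bytes) -> bytes:
        return hmac.new(self._uid_key, kdf(pin, salt), "sha256").digest()

    def enroll(self, pin: str, data_key: bytes) -> dict:
        """Returns the on-disk image; the chip keeps only its secret and the counter."""
        salt = secrets.token_bytes(16)
        kek = self._kek(pin, salt)
        return {"salt": salt, "wrapped": xor_wrap(data_key, kek), "check": verifier(kek)}

    def unwrap(self, pin: str, image: dict):
        """The only way to test a PIN; each wrong guess burns an attempt until lockout."""
        if self.attempts_left == 0:
            raise PermissionError("locked: retry limit reached")
        kek = self._kek(pin, image["salt"])
        if hmac.compare_digest(verifier(kek), image["check"]):
            self.attempts_left = self.max_attempts
            return xor_wrap(image["wrapped"], kek)
        self.attempts_left -= 1
        return None


def online_bruteforce(se: SecureElement, image: dict):
    """Guessing through the chip: returns (pin or None, guesses the chip accepted)."""
    tried = 0
    for guess in PIN_SPACE:
        try:
            key = se.unwrap(guess, image)
        except PermissionError:
            return None, tried
        tried += 1
        if key is not None:
            return guess, tried
    return None, tried


def demo(pin: str = "2468") -> dict:
    data_key = secrets.token_bytes(32)
    found_pin, found_key = offline_bruteforce(enroll_pin_only(pin, data_key))

    se = SecureElement(max_attempts=10)
    guessed, tried = online_bruteforce(se, se.enroll(pin, data_key))

    # Chip swap: the same image with a different chip stays sealed even with the right PIN,
    # while the original chip moved together with its flash still opens it.
    paired = SecureElement(max_attempts=10)
    paired_image = paired.enroll(pin, data_key)
    foreign = SecureElement()
    return {
        "pin_only_cracked": found_pin == pin and found_key == data_key,
        "se_pin_found": guessed,
        "se_guesses_before_lockout": tried,
        "foreign_chip_unwraps": foreign.unwrap(pin, paired_image) == data_key,
        "paired_chip_unwraps": paired.unwrap(pin, paired_image) == data_key,
    }


if __name__ == "__main__":
    print(demo())
```

demo("2468") returns the comparison: the PIN-only image is cracked offline in at most 10,000 PBKDF2 calls on whatever hardware the attacker likes, while against the chip the same search is cut off after ten wrong guesses, and no amount of offline work on the flash image helps because both the verifier and the wrapped key are keyed by the chip's secret. Slowing the KDF only changes the offline attack's cost by a constant factor; the counter is what changes its shape. The model also shows what the retry limit does not cover: a bug in the chip's own firmware that lets the counter be reset or the secret be read is exactly the class of exploit the first post in this thread is waiting for.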
