News Security researcher says to 'stop buying' Samsung phones

BrodaFett

Estimable
Mar 8, 2016
4
0
4,510
0
As far as I'm concerned the Pixel is not an option with the pathetic amount of internal storage, no SD card slot, and the cheapened Google drive storage with significantly less free space that came with the 3, and the lesser quality photos are stored in. Google has all of the opportunity in the world to be the king of devices, but they ALWAYS half arse it instead of going for the kill. I'd rather have a phone with significantly better specs and storage because I can always use a VPN and security system. Those are easy fixes instead of pain in the butt fixes for lack of internal storage, and endless backing up to the cloud. 1.5 terabyte of storage or 64? Gee let me think about it...
 
Feb 29, 2020
1
2
10
0
The article linked to the claim that Samsung was caught faking updates says that, along with Google and Sony, Samsung was among the best at not skipping updates.

And according to SnoopSnitch, my Galaxy S8 has every patch it's supposed to have.
 
Last edited:
Feb 29, 2020
3
0
10
0
Good points on security above, but privacy wasn’t addressed - in which case Apple destroys Google. Google tracks everything you do for monetization. Another thing worth mentioning is that the play store, while much improved, is still ripe with malware as opposed to the Apple AppStore, which does contain malicious items, but in much smaller numbers. The security researcher who did this speech is very reputable, and uses an iPhone. Having said that I love android, but do not use it. Pixel phones are great - if you don’t care that google is tracking your behavior that’s okay.
 
Last edited:

tsongming.ts

Prominent
May 31, 2018
2
0
510
0
This article seems a little biased, there are plenty of good, inexpensive phones that release security updates on track with Pixel and Apple. Is it possible that this article seems geared to please advertisers such as Google and Apple?

"Among the top 10 smartphone makers, nearly 96% of Nokia smartphones, sold cumulatively since Q3 2018, is already running on Android Pie or have had an Android Pie update issued to them. Samsung closely follows Nokia with 89% and Xiaomi with 84%. Xiaomi is good at ensuring its mid-price range products launch with the latest version of Android," per Tarun Pathak, Counterpoint associate director.

Next, I am not sure what onecommenter's beef is with Lenovo. The only connection that I could find linking Lenovo to the Chinese Government is that Lenovo is a publicly listed company with headquarters in Beijing, China, and Morrisville, North Carolina, United States. The company does a lot of business in the US and has never been called out by the US government for spying or for selling technology to Iran. I have a Lenovo product in my house that is actually somewhat old and it still receives occasional security updates.

China is an open global market for consumer electronics. Lenovo and Xiaomi are competing in China against Apple and Samsung. These companies would not survive if they could not meet the expectations of their customers, with Xiaomi, and One Plus in particular, both companies have built up a cult-like following by catering to tech gurus such as myself who are fans of modifying the OS with custom Operating systems called custom ROMs.
we are able to remove all advertising and use Android open source, along with Google Apps, which can operate only under strictest protocols. In addition, it is quite easy to keep updated with monthly security updates released by Google.

In addition, all of the these devices can be encrypted and once a device is encrypted, all user-created data is automatically encrypted before committing it to disk and all reads automatically decrypt data before returning it to the calling process. Encryption ensures that even if an unauthorized party tries to access the data, they won’t be able to read it. This experience has also along for me to personally review open source provided by the companies list above, I can assure you that nothing nefarious is happening.
 
Feb 29, 2020
3
0
10
0
This article seems a little biased, there are plenty of good, inexpensive phones that release security updates on track with Pixel and Apple. Is it possible that this article seems geared to please advertisers such as Google and Apple?

"Among the top 10 smartphone makers, nearly 96% of Nokia smartphones, sold cumulatively since Q3 2018, is already running on Android Pie or have had an Android Pie update issued to them. Samsung closely follows Nokia with 89% and Xiaomi with 84%. Xiaomi is good at ensuring its mid-price range products launch with the latest version of Android," per Tarun Pathak, Counterpoint associate director.

Next, I am not sure what onecommenter's beef is with Lenovo. The only connection that I could find linking Lenovo to the Chinese Government is that Lenovo is a publicly listed company with headquarters in Beijing, China, and Morrisville, North Carolina, United States. The company does a lot of business in the US and has never been called out by the US government for spying or for selling technology to Iran. I have a Lenovo product in my house that is actually somewhat old and it still receives occasional security updates.

China is an open global market for consumer electronics. Lenovo and Xiaomi are competing in China against Apple and Samsung. These companies would not survive if they could not meet the expectations of their customers, with Xiaomi, and One Plus in particular, both companies have built up a cult-like following by catering to tech gurus such as myself who are fans of modifying the OS with custom Operating systems called custom ROMs.
we are able to remove all advertising and use Android open source, along with Google Apps, which can operate only under strictest protocols. In addition, it is quite easy to keep updated with monthly security updates released by Google.

In addition, all of the these devices can be encrypted and once a device is encrypted, all user-created data is automatically encrypted before committing it to disk and all reads automatically decrypt data before returning it to the calling process. Encryption ensures that even if an unauthorized party tries to access the data, they won’t be able to read it. This experience has also along for me to personally review open source provided by the companies list above, I can assure you that nothing nefarious is happening.
Tom's Guide doesn't make the the lion-share of their money from Apple and Google directly, mostly ads for random gear and product shout outs with affiliate links. They're simply reporting on a recent security talk, at a security conference where talks like this happen amongst security professionals. it's a good article.

All modern devices have storage encryption. This discussion was about other vulnerabilities.

As for communists, I don't have anything against them - it's a different way of living, that is not my own. as for china tech I stand with opinions of this nature: https://www.theverge.com/2019/3/17/18264283/huawei-security-threat-experts-china-spying-5g

I liked custom roms back in the day, I was using MIUI roms on my rooted androids before Xiaomi had major market hardware available. I ended up switching to iOS jailbreaking. and today I only run latest versions of stock iOS for fear of being pwned.
 
Last edited:

f_d

Mar 5, 2020
2
0
10
0
Mr. Hunter owes Samsung an apology.. One should always check sources before shouting out such a sensationalistic headline at a venue like RSA, and the same goes for Tom's Guide author Wagensell, especially since he covered the original 2018 paper and should have been aware of the response to it..

Yes, the original Hack-in-the-Box paper claimed that Samsung was missing a huge number of patches, but the researchers acknowledged afterwards that their methodology was flawed and in fact, when they re-examined the data, they found that Samsung was among the best in class and very complete in their patching, and they acknowledged this fact on their web site as well as in an updated slide deck, in which they also apologized to Samsung for their error..

The article linked to the claim that Samsung was caught faking updates says that, along with Google and Sony, Samsung was among the best at not skipping updates.

And according to SnoopSnitch, my Galaxy S8 has every patch it's supposed to have.
 
Feb 29, 2020
3
0
10
0
Mr. Hunter owes Samsung an apology.. One should always check sources before shouting out such a sensationalistic headline at a venue like RSA, and the same goes for Tom's Guide author Wagensell, especially since he covered the original 2018 paper and should have been aware of the response to it..

Yes, the original Hack-in-the-Box paper claimed that Samsung was missing a huge number of patches, but the researchers acknowledged afterwards that their methodology was flawed and in fact, when they re-examined the data, they found that Samsung was among the best in class and very complete in their patching, and they acknowledged this fact on their web site as well as in an updated slide deck, in which they also apologized to Samsung for their error..
Share your sources please, RSA is not a sensationalist source, it's a respected security conference. :)

https://www.techdirt.com/articles/20110325/12360313633/samsung-hires-actors-to-pretend-to-be-happy-galaxy-tab-testers.shtml

https://www.dailymail.co.uk/sciencetech/article-2476630/Samsung-ordered-pay-340-000-paid-people-write-negative-online-reviews-HTC-phones.html
 

f_d

Mar 5, 2020
2
0
10
0
Try Karsen Nohl's own site: https://srlabs.de/bites/android_patch_gap/

Also read the updated slide deck .pdf where the following statement of apology was added "The initial version of this talk also showed a Samsung J3 device as having multiple patch gaps. These gaps were measurement errors that have since been corrected for. Sorry, Samsung! "

RSA is definitely NOT supposed to be a sensationalist source, which is why it's so surprising that the president and CSO of a company would make such a claim based on a 2-year old paper that was acknowledged by the original author to be flawed, and tell everyone to stop buying a company's devices without carefully checking his sources and basically opening himself, his company and RSA up to a potential lawsuit.. Same goes for the reporter, who covered the original HITB presentation in 2018 and should have been aware of this and even if not, should have checked sources even though RSA is supposed to be a reliable source..

I'm not saying that Samsung is totally innocent in all things, but the incidents you've cited are basically a marketing organization that's a bit "ethically challenged" (as if all marketing isn't to some degree) in promoting their product vs. the security organization, which has historically been quite open..
 
Thread starter Similar threads Forum Replies Date
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0
admin Article Commentary 0

ASK THE COMMUNITY