The IT Nerd

On Monday, Bloomberg reported that Samsung notified staff of a new policy banning employee use of AI tools in response to discovering in April that its engineers had accidentally leaked internal source code by uploading it to ChatGPT.

The company is concerned that once data is transmitted to AI platforms it is then stored on external servers, difficult to retrieve and delete, and is then available to other users, according to the document disclosed to Bloomberg.

Furthermore, last month Samsung conducted an internal survey which revealed that 65% of respondents believe the use of AI tools poses a security risk.

Meanwhile, the company claims to be creating its own internal AI tools for translating and summarizing documents as well as for software development. It’s also working on blocking staff’s ability to upload proprietary information to external services. 

Other companies that have either banned or restricted the use of AI tools include JPMorgan Chase & Co., Bank of America Corp., Citigroup Inc., Deutsche Bank, Goldman Sachs, and Wells Fargo.

Roy Akerman, Co-Founder & CEO, Rezonate had this comment:

   “The wide adoption of AI language models is becoming widely accepted as a means of accelerating delivery of code creation and analysis. Yet, data leakage is most often a by-product of that speed, efficiency, and quality. Developers worldwide are anxious to use these technologies, yet guidance from engineering management has yet to be put in place on the do’s and don’ts of AI usage to ensure data privacy is respected and maintained.

   “The aspect of AI consuming all input as source material for others queries presents a black box of uncertainty as to exactly how and where a company’s data would end up and completely upends the tight data security at the heart of most all companies today. 

   “Blanket restrictions are not a permanent solution and will only limit an organization’s visibility to this problem. Instead, increased control, with education of developers on the cause and effect of using these tools for code reviews, code optimization, debugging and syntax will help harness the technology for the betterment of the organization.”

Clearly there are advantages and benefits to using AI, but there are risks as well. Companies need to weigh those risks so that they aren’t inadvertently creating a situation where AI does more harm than good.

Samsung announced on Friday it has developed a new security system to protect Galaxy S23 owners from image-based, zero-click exploits using a new virtual quarantine feature called Message Guard. These images require no interaction from the user to compromise the device.

Message Guard works by automatically placing any image file your phone receives into a virtual quarantine, otherwise known as a “sandbox” and “automatically neutralizes any potential threat hiding in image files before they have a chance to do you any harm,” explains Samsung.

Eventually, this protection will become a standard feature across the entire range of Samsung’s Galaxy devices.

David Maynor, Senior Director of Threat Intelligence, Cybrary had this to say:

   “I am a fan of the forward-thinking Samsung does in their products, like DeX. DeX turns your phone into a desktop computing environment just by plugging in a monitor and keyboard. This means that Samsung’s mobile devices could face not just mobile attacks but the same attacks as any laptop/desktop user depending on installed software.

    “Samsung already has Knox on mobile devices. Knox creates separate workspaces for a users personal data and a different one for work data. Message guard works in concert with Knox by attempting to detect attacks in each workspace by attackers looking to exploit zero-click exploits like those used by the NSO Group’s CNE software Pegasus.

   “I use a Samsung Galaxy Fold 4 as both a personal and work phone and can’t wait for Message Guard to come to my platform.”

I have to admit that this is a cool feature that I hope not only appears in other Android phones, but makes its way over to iOS as zero click threats are the “holy grail” of threats as they don’t require any user interaction to execute. And the sooner that day comes, the better off we all will be.

If you’re an owner of the new Samsung 990 Pro SSD, or you’re thinking of buying one, you might want to pay attention to this Neowin story that seems to indicate that these drives have a problem. They die far quicker than they should:

When you buy the fastest flagship SSD on the market, you expect a certain level of reliability and confidence from its performance, but things can and do go wrong sometimes, and customer support is paramount at instilling continued confidence in the brand. This has typically been the case for past Samsung drives, actually, even the non-flagship models have been highly reliable and perform excellently with very few that I have seen needing an RMA.

Colour me with sadness when within just a couple of days of buying the 990 Pro 2TB, I noticed that the drive health according to SMART data from both Samsung Magician and third party tools had dropped to 99%. For the record I have other Samsung SSDs with over 40TB written and still at 99% health 1.5 years later, so I knew this was not normal.

Within another day or so it had dropped to 98%, by this point I’d not even written 2TB to the drive. Fast forward a couple more days and the drive health was sitting at 95%.

To reiterate, what is being described here is not in the same universe as normal. So the writer of this story sent the drive back to Samsung, only to have the drive returned to him claiming that there was no defect found. Which if this was an isolated incident, you could say that might be the case, even though it’s clearly not. But it’s not an isolated case:

Around the same time I posted to OcUK and reddit to see if others had seen the same problem, as it turns out, they had, and there is a lengthy thread over at Overclock.net about it.

And:

More owners of the 990 Pro have come forward reporting degraded health reporting in another reddit thread, this time in the r/hardware subreddit.

So this isn’t an isolated problem. And once this story got out there, Samsung changed course:

Samsung’s RMA division, Hanaro, have reached out and offered to A) Replace this SSD, and B) Try to replicate the problem. Quite why both of these options were not on the table before the issue became public is a mystery. We still request that readers continue to share their 990 Pro drive health stats and what region of the world they are in so that a better overall picture can be drawn of what appears to be a potentially developing situation.

I would agree with that and go one step further. If you’re looking to put an SSD into your latest PC build, avoiding this drive entirely would be my advice as clearly it has issues that Samsung either hasn’t gotten to the bottom of, or is looking the other way until they’re forced to deal with it. And this is happening after the previous generation drive the 980 Pro had issues as well. Clearly something is wrong over at Samsung as consumers should not be Samsung’s QA department. And until Samsung comes out with a root cause analysis along with detailing how they are going to ensure that stuff like this isn’t going to happen in the future so that consumers can trust their SSDs, I’d be steering clear of all of their SSDs to be safe. After all, it’s your data on those SSDs and your data is vaulable.

Remember the Samsung Galaxy Note 7 fiasco? The one where phones were literally exploding all over the place due to swelling batteries and Samsung had to take every one of them back? Well, it might be happening again.

YouTuber Mrwhosetheboss has posted a video that shows that some Samsung smartphones are suffering from a swollen battery issue. He noted his S6 (2015), Note 8 (2017) and S10 (2019) all had swollen batteries. So he tweeted about it. Samsung saw that tweet and asked him to send the phones for examination. And that’s the last he heard from Samsung as they’ve gone silent for 50 days. Thus the need for him to make a video:

And it appears that he’s not the only one who’s noted this:

JerryRigEveryting offers this commentary:

This is not a good look for Samsung and it will be interesting to see how or if they respond to this. In the meantime, if you have a Samsung phone hiding in a desk drawer or a storage locker someplace, you might want to check on it. I say that because when lithium comes into contact with air, it creates a very violent reaction that can burn your house down. Thus this is a non-trivial situation that you might want to take seriously until all the facts are known.

Last year Apple came out with a self repair program. I was less than impressed at the time and my impressions with this could be summed up with this statement:

The bottom line is that this is an optics exercise for Apple. If they really wanted to embrace right to repair, they would go further than what was announced. But they haven’t. So don’t be fooled by this announcement. It isn’t what you think it is, and it’s not going to get the results that you think it will.

Fast forward to today and Samsung shows how to do a self repair program properly. Let’s start with this press release from Samsung:

Today, Samsung Electronics America announced that Galaxy device owners will be able to take product repair into their own hands for Samsung’s most popular models, the Galaxy S20 and S21 family of products, and the Galaxy Tab S7+ beginning this summer. Samsung consumers will get access to genuine device parts, repair tools, and intuitive, visual, step-by-step repair guides. Samsung is collaborating with iFixit, the leading online repair community, on this program. More information will be shared once self-repair is available.

To start, Galaxy device owners will be able to replace display assemblies, back glass, and charging ports — and return used parts to Samsung for responsible recycling. In the future, Samsung plans to expand self-repair to more devices and repairs from our extensive product portfolio.

Now assuming that Samsung follows through on this, which I believe they will as they have an interest in making Apple look bad, this makes what Apple is offering look rather pathetic and underlines the fact that Apple does not take self repair seriously as they are too busy finding new and creative ways to sell you another iPhone or MacBook.

I wonder if this move by Samsung will force Apple to get a clue and get with the times?

Android Authority is reporting that Korean Twitter users have compiled a list of 10,000 apps that are marked as subject to “performance limits” imposed by Samsung’s Game Optimizing Service. But if you go through the list, you’ll note that apps like Microsoft Office apps, Netflix, Google Keep and TikTok are on the list. And those aren’t games. And what makes this worse is that Samsung own apps such as Samsung Cloud, and even the default phone dialer preloaded on Samsung phones are affected. But benchmark apps such as Geekbench aren’t affected.

I can see three possibilities for this:

• Samsung could use the list to keep battery drain down on some of the world’s most popular apps, artificially inflating battery runtime tests performed by users and themselves for marketing purposes.
• Samsung could also be attempting to game the benchmarking tests commonly performed on tests and not delivering that speed to all apps evenly.
• This could be a coding mistake that Samsung somehow needs to fix assure customers that they aren’t trying to cheat.

It isn’t clear which this is. But when Samsung was approached about this issue, this happened:

Samsung is apparently investigating the GOS issue pointed out below. According to information circulation on Naver, the company is conducting an internal investigation and approaching the issue as seriously as the Galaxy Note 7 debacle. Samsung is also expected to make an official announcement regarding the matter soon.

Clearly Samsung is aware how bad this looks. And I for one will be very interested in what they have to say on this as this is not a good look for Samsung.

According to a research paper, Samsung reportedly shipped an estimated 100 million smartphones with botched encryption. In short, researchers at Tel Aviv University in Israel found that millions of Samsung Galaxy S8, Galaxy S9, Galaxy S10, Galaxy S20, and Galaxy S21 devices were shipped to customers with a security loophole that could have allowed hackers to steal sensitive information:

ARM-based Android smartphones rely on the TrustZone hardware support for a Trusted Execution Environment (TEE) to implement security-sensitive functions. The TEE runs a separate, isolated, TrustZone Operating System (TZOS), in parallel to Android. The implementation of the cryptographic functions within the TZOS is left to the device vendors, who create proprietary undocumented designs.

In this work, we expose the cryptographic design and imple- mentation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws. We present an IV reuse attack on AES- GCM that allows an attacker to extract hardware-protected key material, and a downgrade attack that makes even the latest Samsung devices vulnerable to the IV reuse attack. We demonstrate working key extraction attacks on the latest devices. We also show the implications of our attacks on two higher-level cryptographic protocols between the TrustZone and a remote server: we demonstrate a working FIDO2 WebAuthn login bypass and a compromise of Google’s Secure Key Import.

We discuss multiple flaws in the design flow of TrustZone based protocols. Although our specific attacks only apply to the ≈100 million devices made by Samsung, it raises the much more general requirement for open and proven standards for critical cryptographic and security designs.

Yikes!

The good news is that the researchers approached Samsung last May and July with the details of the vulnerabilities. Then Samsung fixed them via patches that went out to the affected devices. But here’s where I would be nervous if I were a Samsung user. Unlike iPhone in which every iPhone on Earth gets patched at roughly the same time, Android phones in general don’t get the same treatment. Patches might come from Samsung, Google, or your carrier. And they may be region specific. Thus it may take weeks or months before a patch hits your phone. If it hits your phone at all. So it is possible that not all of the phone that were affected by this are patched. And that’s a problem as it’s a safe bet that threat actors are looking at this paper and seeing how they can exploit any phone that still has these flaws. Thus my advice would be to make sure that your Samsung phone is running the latest security update. More info on that can be found here.