I personally don't like how it's possible to store data on my device without me being able to access the data. Also most of the time these keys are used for DRM. So... good IMO.
I am pretty surprised how they allowed reusing IV. Unique IV is explicitly mentioned to be an assumption for AES GCM (first sentence in security section of AES-GCM wikipedia page)<p>How could anyone design TA (i.e application whose whole point is security and hence it runs in the secure mode) and allow user to set IV in the API?
This was patched a few months ago <a href="https://www.theregister.com/2022/02/23/samsung_encryption_phones/" rel="nofollow">https://www.theregister.com/2022/02/23/samsung_encryption_ph...</a> (right at bottom of article)
Having used a lot of Samsung software, I have to wonder if the root cause here is a language barrier. Their software frequently has translation errors, and their kernels are compiled on a computer in Korean Standard Time. For a lot of open source software, or basic introductions into, say, how to use AES-GCM, they're really only available in English reliably. Content in other languages frequently lags or is non existent.<p>I could totally imagine something like Google Translate missing a critical not or similar that completely changes the meaning of a sentence. For technical documentation, that could be a huge problem.
I have an old Samsung Galaxy S7 that I bricked a year back in the process of trying to make a backup of the data on it (the irony)... I think I may have blown the knox fuse. Could this be leveraged to give me my files back?
Don't buy phones from Samsung. They're the worst. They've been #1 on <a href="https://dontkillmyapp.com/" rel="nofollow">https://dontkillmyapp.com/</a> for a while now.
i have a samsung phone for about two years now. it reinds me to update the system all the time, almost every month. i dont do the update now. i just ignore it, i dont need fancy new features. i love it not being that smart. i love it the old way.