Related
This is just some random thoughts as at the moment, I'm not for one or the other.
I like rooting and experimenting with different ROMs as much as the next guy, but when I read about Samsung Knox, I think I like it too.
With Knox, I can finally saved all my private data in a Knox container and never worry about it falls into the wrong hands.
I never used any password manager like Keepass on my phone so far, it was because I never knew if the app I just installed yesterday would sip out my passwords and quietly pass them to a remote server without my knowledge. How do I know after I unlock Keepass that another app wouldn't suck out all my passwords? I don't.
Same for other personal documents that I scanned and stored on my phone. Without Knox, I will never know if they stay only on my phone.
I wish we can have Knox and also can root with impunity
Did I understand it correctly?
Thanks for any inputs.
Keepass saves passwords in an aes256 encrypted file and runs with a localized secure enviroment (though I'm not sure on the details of this security). As an open source program this can easily be tested however. As a closed source program, Knox (or any number of other password managers) are much harder to test against exploits. I know exploits have obviously been found and fixed by the Keepass team, as with any security software. However I've never seen a good reason to mistrust Keepass over other password managers.
As for the details of Knox, I can't say. But from what I've read it seems like container based encryption. There are other container encryption apps but I don't know much of anything about them. I just use my laptop for that.
Remember, unless your whole device is encrypted, unlocking the encrypted container and viewing the files within will leave traces in the file system which can be pieced together by a competant snoop. Since mobiles are easily stolen compared to other computers, this needs to be kept in mind when working with secure documents.
E_Phather said:
Keepass saves passwords in an aes256 encrypted file and runs with a localized secure enviroment (though I'm not sure on the details of this security). As an open source program this can easily be tested however. As a closed source program, Knox (or any number of other password managers) are much harder to test against exploits. I know exploits have obviously been found and fixed by the Keepass team, as with any security software. However I've never seen a good reason to mistrust Keepass over other password managers.
As for the details of Knox, I can't say. But from what I've read it seems like container based encryption. There are other container encryption apps but I don't know much of anything about them. I just use my laptop for that.
Remember, unless your whole device is encrypted, unlocking the encrypted container and viewing the files within will leave traces in the file system which can be pieced together by a competant snoop. Since mobiles are easily stolen compared to other computers, this needs to be kept in mind when working with secure documents.
Click to expand...
Click to collapse
Thanks for the comment. When I tried Keepass on my PC, as soon as I enter the master password, all passwords are visible. So I just assumed that any malware running in the background can suck them all out and ship them 'home'. With knox, if I understand correctly, nothing can go out once it's in the container. Nothing can get into the container from outside the container either. I'm already using Android whole disk encryption, but that doesn't prevent data from being 'sucked' out without our knowledge when we are using the device. It's good only to prevent data from being accessed if we lost the device.
I use Truecrypt container on my PC, but once we unlock the container, everything is visible by the whole system. Unlike Knox container. So I think Knox does have its value.
some keyloggers can read the clipboard data of password managers (this is why a number of secure inputs dont allow the pasting of passkeys), and I suppose it is possible to intercept the video data and essentially send screenshot data. This is beyond the real strength of a password manager. The Knox idea of keeping it in the container yet reading it is interesting. Do you know of a desktop equivalent? I had previously thought unlocking the container would open it up for any malware present.
i share many of the same opinions with you, but as many other people are concerned, and very much turned off, if this is going to impose hardcore restrictions on rooting and installing custom ROMs, then i'm not sure what to think of knox. it IS there to secure stuff, so it's sort of a slippery slope deal. i guess for the non-experimental people who use vanilla TW and all that, it's a luxury.
this article, though a bit dated, was pretty helpful: http://blog.kaspersky.com/understanding-samsung-knox/
I'm all for consolidation, but there's something that keeps me from wanting to use Google Wallet and/or Samsung Pay.
I know that, specifically with Samsung Pay, they say their token system is even safer than swiping the actual card because of all the data located on the magnetic strip.
However, where is the original information stored when we first take a picture of our card? That image and the information we put in our phones must be stored somewhere, right? How truly secure is our data when we first put it in the Samsung Pay app?
My biggest fear is, wherever that storage location is, that our data will somehow get hacked in the future...
Thoughts?
Well you don't have to take a picture of the card if you don't want to. You can manually add all your card info in. When I was accepted in the beta I just manually input my info. I have USAA so it didn't work, but I can verify that you don't have to take a pic.
kevs888 said:
I'm all for consolidation, but there's something that keeps me from wanting to use Google Wallet and/or Samsung Pay.
I know that, specifically with Samsung Pay, they say their token system is even safer than swiping the actual card because of all the data located on the magnetic strip.
However, where is the original information stored when we first take a picture of our card? That image and the information we put in our phones must be stored somewhere, right? How truly secure is our data when we first put it in the Samsung Pay app?
My biggest fear is, wherever that storage location is, that our data will somehow get hacked in the future...
Thoughts?
Click to expand...
Click to collapse
I've been digging around a ton in this subject, and have still come up with more questions than answers. I'll start with some basic definitions.
Tokenization: The act of substituting sensitive information (in this case card information) with a non-sensitive token that references the sensitive information (maps back to sensistive information through a tokenization system. Reverse engineering the sensitive information is unreadable without access to the system. For Samsung pay, this token is device specific. A dynamic, one time use security code is also transmitted.
MST: Magnetic Secure Transmission. This method of payment emulated a card swipe by generating a magnetic field that the magnetic sensor in a card reader picks up. This method of payment, at least in my eyes, is a stop gap. Samsung claims that it still uses tokenization, but I am not sure that is possible. The magnetic field is rather weak, and strength and distance have an exponential inverse relationship. This means that the field is practically undetectable beyond 3 inches.
For NFC payments, Samsung utilizes basically the same technology as Apple Pay. No sensistive information stored anywhere, tokenization, one time security code handshake, etc. This is pretty much considered the most secure form of payment after cash. MST, on the other hand, is only as secure as swiping your card. To me, MST is not a long-term solution. Samsung Pay defaults to NFC if it detects the terminal support. It's a stop gap measure. One that allows the ease of use of mobile payments even where NFC/EMV terminals have not been adopted. It will slowly phase out in use.
iScott78 said:
Well you don't have to take a picture of the card if you don't want to. You can manually add all your card info in. When I was accepted in the beta I just manually input my info. I have USAA so it didn't work, but I can verify that you don't have to take a pic.
Click to expand...
Click to collapse
knightr said:
I've been digging around a ton in this subject, and have still come up with more questions than answers. .
Click to expand...
Click to collapse
Thanks for your replies.
I guess my main concern is not the security of when we're actually paying at a POS in a store...I'm wondering who stores the initial card information when we type/capture the information within Samsung Pay initially?
Samsung Pay touts that no sensitive information is actually stored on the phone when making a payment. However, that sensitive information has to be stored somewhere, right?
Maybe even on a broader scope, with Google Wallet, Android Pay, Apple Pay, and Samsung Pay, do they store our credit card information in their servers?
As secure as OUR transactions may be, if their systems get hacked with our initial information stored, we're in deep doo-doo. Call me paranoid, but with all these retailers and creditors getting hacked, I'm freaked out about having card information stored somewhere other than in my wallet.
kevs888 said:
Thanks for your replies.
I guess my main concern is not the security of when we're actually paying at a POS in a store...I'm wondering who stores the initial card information when we type/capture the information within Samsung Pay initially?
Samsung Pay touts that no sensitive information is actually stored on the phone when making a payment. However, that sensitive information has to be stored somewhere, right?
Maybe even on a broader scope, with Google Wallet, Android Pay, Apple Pay, and Samsung Pay, do they store our credit card information in their servers?
As secure as OUR transactions may be, if their systems get hacked with our initial information stored, we're in deep doo-doo. Call me paranoid, but with all these retailers and creditors getting hacked, I'm freaked out about having card information stored somewhere other than in my wallet.
Click to expand...
Click to collapse
That sensitive information is stored exactly where it is currently stored: only with the financial institution. Samsung does not have access to your PAN, the device doesn't know your PAN. Only the card issuer's bank knows your PAN. With Samsung Pay, your device generates a device-specific token to use instead. The token is linked to the device, and so can only be used from that device. It is considered mathematically impossible to reverse engineer as it is generated randomly, and has no real attachment to the sensitive information it references.
Even in the case of the photograph setup. That image is never written to disk. It's held in RAM for the duration of it's life, then most likely just dereferenced (RAM is overwritten so frequently that you really shouldn't need to worry about remnants, although they might have chosen to overwrite the address space... I doubt it, though). The only way your card information is getting stolen is if the financial institution is hacked, and I'd imagine they pretty rapidly disable all cards if that were to happen.
knightr said:
That sensitive information is stored exactly where it is currently stored: only with the financial institution. Samsung does not have access to your PAN, the device doesn't know your PAN. Only the card issuer's bank knows your PAN. With Samsung Pay, your device generates a device-specific token to use instead. The token is linked to the device, and so can only be used from that device. It is considered mathematically impossible to reverse engineer as it is generated randomly, and has no real attachment to the sensitive information it references.
Even in the case of the photograph setup. That image is never written to disk. It's held in RAM for the duration of it's life, then most likely just dereferenced (RAM is overwritten so frequently that you really shouldn't need to worry about remnants, although they might have chosen to overwrite the address space... I doubt it, though). The only way your card information is getting stolen is if the financial institution is hacked, and I'd imagine they pretty rapidly disable all cards if that were to happen.
Click to expand...
Click to collapse
That's a great explanation. Thanks for that.
What got me nervous was reading on Google Wallet that " All your financial information in Google Wallet is encrypted and stored on Google’s secure servers in secure locations."
Does this mean Google's methods are less secure (relatively speaking) than Samsung Pay?
kevs888 said:
That's a great explanation. Thanks for that.
What got me nervous was reading on Google Wallet that " All your financial information in Google Wallet is encrypted and stored on Google’s secure servers in secure locations."
Does this mean Google's methods are less secure (relatively speaking) than Samsung Pay?
Click to expand...
Click to collapse
With Google Wallet, Google (kind of) acts as the Token Vault, rather than leaving this to the banks' Tokenization Systems. When you put a card into Google Wallet, a virtual card number is generated. This virtual card number links to some Google cloud software payment system, which then routes the purchase through your actual card number. So yes, Google does store your actual card information encrypted somewhere, but doesn't transmit it.
While Google Wallet doesn't support banks' Tokenization Systems, Android Pay will. Google Wallet will more than likely deprecate support to add cards, and will be used as a front for your Wallet balance. I think the direction they are pushing Google Wallet is for money transfers between people (think Venmo and Paypal), while Android Pay will be their merchant payment solution.
Im just going to stick with Android Pay. I am rooted so I can't use Samsung Pay anymore.
how safe is samsung pay need a pan card
if you want to safe a Samsung pay specifically with Samsung Pay, they say their token system is even safer than pan card need copy this link and search //knowyourpan.net/
Hello
I moved from Note 5 to Mate 9 which is impressive. However, in Note 5 I used to activate Private Mode via fingerprint but this option is not available anymore in Mate 9 although some sites are talking about the same steps.
Since I can't find an option for Private Mode, using "Private Space" can I move files from user 1 to user 2 to keep them private?
I hope I explained the question correctly.
Thanks,
Hi does anybody know how to activate private space on mate 9 oreo please? I can't find it anywhere. Cheers
Settings, Security and Privacy scroll down to private space....
Thanks Sean I've tried that not getting private space option just file safe is that same thing?
cnutt1 said:
Thanks Sean I've tried that not getting private space option just file safe is that same thing?
Click to expand...
Click to collapse
NO I think its different file safe just hide files whereas private space is the separate phone system different.... I'll try to post a picture of what I mean I'm on Oreo and it seems to work for me. I wonder do you know what the notification assistant is?
This is what I'm talking about
I'm missing that strange ,it's not worth me factory resetting I don't think because huawei will be removing the beta 3 november.sirry don't know what notification assistant is I'll be sure to let you know if i find out.cheers sean
If you have your default storage set to SD card, it will not show up. Default storage has to be set to internal.
Thanks Philly sorted
For getting private space on Huawei mate 9 oreo.
go to Settings > Security & privacy > PrivateSpace > ENABLE
After you create a Private Space, you can only enter it's settings when currently on the actual Private Space.
Hello,
I have a rather interesting question, if someone (expert only please) can help, it would be very much appreciated
I have bought a new phone (Huawei Mate 10 Lite) which already has the preinstalled Android 7 OS.
After I turned it on, I've upgraded it to Android 8 (and EMUI 8) via the Software Updater.
So now, I am running Android 8 on Huawei Mate 10 Lite.
Until here, everything works like charm
The problem starts here: I'm used to having my ENTIRE user data partition (phone/device, call it as you wish) ENCRYPTED.
I am using my phone very much in different environments and if I accidentally loose it or it gets stolen, I want to ensure that nobody can access my private data by any possible means.
So, when I go to the classical place for encrypting phones: Settings -> Security & Privacy, I noticed that the "Encrypt Phone" option is MISSING.
I have only "Encrypt SD Card", but I do not have an SD Card, nor do I use one. I use only the internal flashdisk memory.
I even turned on the Developer mode and searched for that specific setting, but I cannot find it.
I googled about this problem and what I found even deepens the mystery, as there are some contradicting information and it doesn't paint a clear picture on how the hell encryption works on Android 7/8...
- In one place, it says that starting with Android 6 phones, the option of encrypting the entire phone is no longer available, as all phones with Android 6+ preinstalled are already encrypted !
Bump ! Really ?
- Somewhere else, someone says that the Full Disk Encryption (FDE) has been replaced with File Encryption and Google is slowly marking full disk encryption as obsolete...
I found the File Encryption on my phone and I have the possibility to create a file encryption "folder" or "vault" or what is that, but I do NOT want that, as I want the entire partition to be encrypted !
I am using VPNs, SSH keys, Pictures, E-mail accounts, Web browsers with stored passwords, basically the entire user partition contains secrets ! I cannot move everything to a secure container... maybe I forget something, and that something remains unencrypted ?
I cannot move everything to a secure SD Card or to put it in that encrypted "folder", because some secrets are files, some secrets are particular app settings or credentials.
Yes, I read about the fact that in Full Disk Encryption mode, a PIN is required for startup (as I had with my previous phone, which was great for me, by the way), and that PIN can prevent the booting of some basic functions of the device or the functioning alarms or something like that.
To tell you honestly, I don't care about those functions. I only want ENTIRE device encryption with one single PIN code.
I have already changed my SIM PIN (which is another thing, it doesn't relate to this), and I generated a phone PIN & Fingerprint on my phone, and set my phone to Lock after 15 seconds.
For everyday usage, the PIN/Fingerprint is enough to keep others from accessing my content, but what about plain disk access (using some other tools that read the flash disk) if I loose my phone or if my phone gets stolen ?
I liked the previous encryption method.
So, basically, I want to encrypt ENTIRE partition (FDE encryption) with one PIN, not SD Card encryption, not other file encryption solutions, not special vaults, not other stuff... I want my classic encryption back !
Please explain me:
1. Are all the new phones starting from Android 6 already encrypted ?
1.1. If so, why is there a file encryption tool to further encrypt particular files if the user partition is already encrypted ?
1.2. If so, what is the encryption key ? or what kind of encryption is that which does not require a PIN or something ? that means that the key is stored in plain text ? (if I don't offer it a PIN, it means that it must read the key from other places in order to decrypt the data (key that can be read by a thief, too?))
2. If Android 6+ phones are not encrypted, how can I implement full device encryption, and why the hell does Google abandon this kind of full, quick and not-giving-extra-security-thoughts encryption ?
I would kindly ask only experts to reply me.
If you are an expert or you know these things for sure, please reply.
I need a correct, documented (if possible), answer, because the security of my phone depends on it !
Thank you !
Well... anyone ??? Is this really such a hard question ???
I was getting so excited when I read your question, because I am looking for the exact same answer. But then I saw there aren't any answers.
Please can someone who knows about this answer this for us?
Mar0615 said:
I was getting so excited when I read your question, because I am looking for the exact same answer. But then I saw there aren't any answers.
Please can someone who knows about this answer this for us?
Click to expand...
Click to collapse
I'm not an "expert" but I can tell you your data is safe & encrypted by default, that is why you can't find an encryption setting.
As I understand it
1. Yes (Google makes manufacturers sign agreement)
1.1 The data is encrypted on phone but you may choose not to lock it. Also you may allow some other people access to your phone even if you set screen lock or it's possible somebody may get your phone before it automatically locks, that is why here is a separate encryption system that some people may want ho use to encrypt certain files. (I'm assuming this is what you are referring to as I have never used Huawei)
1.2 Yes the system can generate it's own key from it's internal information automatically (note also, if you put in a simple passcode it is just one element the phone will use to generate a long key, so hackers can't crack a simple passkey to get into your phone as it also uses it's internal data to generate the key)
2, All your data is encrypted, ok maybe not all eg if you consider an alarm time your data, as some apps may be able to access limited data eg alarm times.
A quick search produced these two articles that are not overly technical & also show the numerous security improvements that all go to make your phone more secure. I hope it puts your mind at rest (though of course nothing can be guaranteed 100% secure if a well resourced group has physical access to your phone eg a government)
https://m.androidcentral.com/how-android-n-addresses-security
https://www.computerworld.com/article/3220446/android/android-8-oreo-security.html