Starting with the Galaxy S24 series, Samsung is pioneering an impressive initiative by offering up to seven years of mobile security updates. This makes Samsung one of the leaders in providing long-term security support for mobile devices. This extended support period ensures that customers can confidently use their smartphones for longer without worrying about security vulnerabilities.
In our increasingly interconnected world, the importance of such security measures cannot be overstated. Cyber threats are becoming more prevalent and sophisticated, often going unnoticed until significant damage has been done. The global cost of cybercrime is poised to escalate dramatically, projected to rise from $9.22 trillion in 2024 to $13.82 trillion by 2028. This alarming trend underscores the necessity of using devices equipped with robust security measures, such as regular security updates, to protect against potential threats.
But where do these updates originate, and why do they appear on our phones with such frequency? At the core of Samsung’s Mobile eXperience Business lies Samsung Project Infinity, a highly confidential operation dedicated to safeguarding Galaxy devices and their users. Samsung’s Newsroom delved into the workings of this operation and met with the specialized units within Samsung Project Infinity that continuously protect Galaxy users.
### Deep Diving for Unknown Dangers
The Cyber Threat Intelligence (CTI) taskforce is a pivotal component of Samsung Project Infinity, working alongside the Red, Blue, and Purple Teams. These teams extend their operations beyond controlled lab environments to identify real-world threats. The Red and Blue Teams focus on proactive attack and defense strategies, seeking out vulnerabilities and implementing measures to counteract them. The Purple Team serves as a specialized unit, acting both offensively and defensively in critical areas. These teams are strategically positioned in various countries, including Vietnam, Poland, Ukraine, and Brazil.
Despite their covert operations, their presence becomes apparent when users receive security patch updates. The CTI taskforce is dedicated to identifying potential threats and preventing hackers from taking control of devices by staying abreast of the latest risks. Their efforts aim to thwart malicious activities, address threats involving the trade of stolen information, and ensure that smartphones and tablets remain securely under user control.
The taskforce is responsible for safeguarding Galaxy’s internal infrastructure, protecting customer data and employee information, such as access credentials. Any confidential information stolen by hackers could be exploited or sold for further attacks. To identify potential threats and deploy countermeasures, CTI regularly explores the Deep Web and Dark Web—active marketplaces for security exploits, spyware, malware, ransomware, illicit tools, and confidential corporate and customer information.
Leading the CTI is Justin Choi, Vice President and Head of the Security Team at Samsung Electronics. With over two decades of experience in the U.S. tech industry as a cybersecurity expert and ethical hacker, Choi has worked globally to enhance security for major financial and tech firms. His expertise in identifying and mitigating zero-day threats is instrumental in developing advanced security measures that protect over a billion Galaxy users worldwide.
“Occasionally, we engage in security research by simulating real-world transactions,” Choi explains. “We closely monitor forums and marketplaces for mentions of zero-day or N-day exploits targeting Galaxy devices, as well as any leaked intelligence that could potentially serve as an entry point for system infiltration.”
As an ethical or “white hat” hacker, Choi’s deep understanding of hacking enables him to identify and address vulnerabilities. Any hint of suspicious behavior within the system is swiftly traced to its origin. For instance, requests for excessive privileges, unexpected behavior, or network traffic to unknown servers could signal a potential breach. At this point, CTI traces Indicators of Compromise to identify the threat actors and the purpose of the attacks.
“Once we spot these kinds of threats, we collaborate with developers and operators to lock everything down to prevent attacks,” said Ranger, a CTI member. Samsung Project Infinity staff protect their identities with aliases to avoid being personally targeted by hackers. “We even communicate with other departments and partners on private channels to avoid taking any chances.”
CTI also studies threat actors to decipher their behavioral patterns. Understanding their motivations and objectives can reveal their attack methods and provide insights for fortification. “Sometimes, an attack is financially or politically motivated,” said Tower, another CTI member. “Sometimes, they just like to show off.”
### Eliminating Threats Before They Become Real
While real-time threat detection is crucial, a robust offensive security policy is equally vital. The Red and Blue Teams draw inspiration from military practices, where a red team simulates enemy attacks, and a blue team creates defenses to ensure safety against ever-evolving threats. In Samsung’s approach, the Red Team simulates hacker attacks and devises new attack scenarios to identify potential vulnerabilities, while the Blue Team develops and implements patches to protect against them.
Specializing in combating zero-day attacks, these teams address vulnerabilities before they can be exploited to prevent unauthorized access or data breaches. One notable incident was the Pegasus data breach in 2020, which exposed vulnerabilities in an operating system.
The Red taskforce begins its projects by investigating Galaxy devices. Its members continuously use and analyze new Galaxy features and delve into recently disclosed vulnerabilities, imagining potential security threats to users. Through diverse research, they select targets presenting potential risks to real Galaxy users and begin their quest to detect zero-day vulnerabilities in the target.
“One thing we do is fuzzing,” said Arrowhead, a Red Team member. “It involves subjecting software to unexpected data inputs to uncover hidden flaws.”
Other methods, such as code auditing and static and dynamic analyses, help develop a comprehensive understanding of a system’s health and safety. The team contextualizes each threat in everyday scenarios to prevent threats to Galaxy devices.
“It’s not as urgent if there’s a flaw with the alarm clock, but a glitch in location data could lead to someone being unknowingly followed through their device,” added Gate, a Blue Team member. “Once we discover a hypothetical weakness, we hurry to patch it and roll out an update to the relevant models.”
### The Specialists Among Specialists
The Purple Team acts as both aggressor and protector, ensuring the security of critical areas and key features of Galaxy devices. As the name suggests, the Purple Team combines elements of the Red and Blue Teams’ skillsets, but their in-depth knowledge of the security measures built into mobile devices sets them apart.
“Samsung collaborates with external security researchers to uncover vulnerabilities, but our intimate knowledge of Galaxy systems allows for more effective targeting of potential weak spots,” said Sphinx, a Purple Team member.
“The better you know a system, the better you can protect it,” added Oracle, another Purple Team member.
Occasionally, the Purple Team is called upon to address issues that no one else can, including formulating new security requirements, designs, and features. It’s not just about maintaining the safety of Galaxy devices and the Samsung Knox security platform. Samsung also advises and proposes solutions to chipset and network vendors based on their requirements.
Samsung’s position as a hardware leader means the company can scale its security innovations and secure its supply chain. This way, Galaxy contributes to the security of the next generation of chips.
Surprisingly, the motivation behind this work sometimes has nothing to do with technology. Purple Team members feel a sense of duty to keep people safe, and they take pride and satisfaction in finding and addressing vulnerabilities.
“It’s not just me but also my family and friends who use Galaxy,” continued Oracle. “So, let’s make it safe!”
The bar for entry is high, and technical skills alone are not enough. To join the team, one must also demonstrate a strong moral character, as vulnerabilities discovered by the team could be very profitable in the wrong hands.
“They must be tenacious and moral,” said Choi. “One must be responsible and put users before personal interests.”
“Being an early adopter and a big reader of tech trends is also useful,” added Sphinx.
### A System of Safeguards
CTI, Red, Blue, and Purple are critical components of Galaxy’s security strategy. However, Samsung Project Infinity manages many initiatives, including the Samsung Mobile Security Rewards Program, which collaborates with the wider security community to further scrutinize Galaxy’s defenses.
This year, Samsung has enhanced this program with a maximum reward amount of $1 million—its highest cash incentive yet for those who can identify the most severe attack scenarios within Galaxy devices.
“It’s crucial to encourage participation from the security community in identifying potential vulnerabilities,” said Choi. “Especially in a world where cyberattacks are increasingly intelligent and disruptive.”
All of this aligns with Samsung’s longstanding model of collaboration with hundreds of partners, including carriers, service providers, chipset vendors, and more. Regularly working with these partners and the wider community to identify threats and develop patches, Samsung Project Infinity ensures Samsung proactively takes initiative and responsibility for reinforcing its own areas of weakness.
“Just because we have internal specialists, this doesn’t mean we don’t work with others,” added Choi. “Having more eyes gives us a better chance at spotting any vulnerabilities and helps us keep users safe.”
So, are you still ignoring that notification now that you know it is from a team deeply committed to your security? Each of those notifications represents Samsung’s ongoing effort to keep your data safe. The next time you see an update, don’t hesitate. Hit “install” and continue your online journey with peace of mind, knowing that there’s a whole team looking out for you.
1. Timing and availability of security maintenance releases for Samsung Galaxy devices may vary by market, network provider, and/or model.
2. Statista Market Insight, “Cybercrime Expected To Skyrocket in Coming Years.”