This feels like a big win for privacy. I just hope that it's communicated well enough that users know to enable it when they send in their phone for repairs.
I also wish there was a way to enable it if the touchscreen is inaccessible, as it usually is by the time I would consider seeking repairs.
It’s also bs. The promise is only as good as the maker and the technology. Has it been vetted? Are there independent evaluations? Is Samsung willing to accept any liabilities in the event of failure?
All hype, no substance. Delete your data (with no way of verifying) and restore it on return.
You didn't ask me, but my input is that the two most obvious to me are: open source, so the effort can be vetted in good faith--or an insured guarantee, so the consequences can be abated
If it does anything to add privacy it’s a good thing, even if it can be sidestepped, it’s a good thing.
Just because a lock is easily broken that doesn’t make it useless, it can still act as a deterrent for opportunistic crimes.
One time I took a bike to a festival. The first few days I was locking it up safely with a bike lock and chain, as I’m used to doing in the city. Eventually I decided to just use some rope to tie it to the rack with a basic square knot.
I would always half expect to come back and it would be gone, but I rode that bike home from the festival.
Even if the software is open source and provably secure (hahaha) you should probably assume that there is a way for a MOTIVATED actor to extract data from your internet connected device that THEY have possession of! Moral of the story is be smart and/or don’t put stuff on your phone you don’t want other people to see.
>If it does anything to add privacy it’s a good thing, even if it can be sidestepped, it’s a good thing.
I disagree.
A bad lock that the consumer thinks is a good lock will be used to hide All The Secrets.
In other words; when a consumer is lulled into a false sense of security by a manufacturer that calls everything secure and secret, they will guard their secrets with it. Very few people actually technically vet their security rationales, so the consumer that is relying on the company, who is then in-turn providing a subpar and broken security mechanism, is more-or-less screwed and is in actuality in a worse position than they would have been had they known to keep their secrets off of the broken platform.
Your analogy fits the real life metaphor of a lock, it bends and breaks when we carry it into things like cell phones where 'a good lock' requires forethought and engineering time that a company isn't willing to sink into it; and this poor quality engineering is hidden behind a slick glass phone that by all means is beautiful.
It's easy to hide the shoddy software engineering that is inside a beautiful product. It's hard to hide a poorly crafted physical lock -- the key won't work properly, it'll be hard to install, the surface finish will be low quality, etc etc.
It's easier for the company, and ultimately more profitable, to just claim that a mechanism works and then deal with the damage to reputation later-on with the next 'WhizBang Product', especially since the mechanism itself is hard for Joe Everybody to vet in any significant way.
I mostly agree. I used the phrase "good faith" for that reason. You shouldn't assume anything is 100% secure. I'm just sympathetic to a good faith attempt without too many strings attached.
That said, I agree something is better than nothing, but if they want praise from a more technical audience (hacker news for this example) they're gonna need to do more than tie the proverbial square knot.
not the one you asked, but probably this same initiative pushed by a more reputable company.
Samsung has been consumer-hostile in the mobile phone space for years, and nearly every 'vault' or 'secure enclave' or 'encrypted partition' that they've released has been broken in some fundamental and huge way since they started with the idea.[0]
Companies (apple included) can invest all they want in features and press releases claiming that said features are to ensure customer privacy but - unless these features are open sourced and subject to public and recurrent scrutiny - it is just faith that they expect from customers.
If you care deeply about the privacy of your data, don't hand your data on a physical device to anyone.
I disagree. Hype matters. If companies are advertising themselves on privacy then that makes the average person concerned about safety. It then makes it so privacy concerned techies sound less like conspiracy theorists and creates some feedback. I wouldn't be surprised if there's been an uptick in Signal downloads due to Apple and Samsung advertising.
Something is better than nothing. And the smoke and mirrors can still help. I agree OSS would be better, but I'll take what I can get. Even if that is just a moving ecosystem.
You don't need open source. Just look at the business incentives. Samsung has no incentive at all to give 3rd party repair workers access to your private data. Even if the feature isn't bullet proof, it's going to be a whole lot better than the current situation where you hand your phone and password over and come back later to pick up the phone.
That is completely useless in the context of this feature. National security letters go direct to Samsung who already have full access. This feature is relating to creeps at 3rd party repair stores stealing your nudes.
There are other practical indicators of how good things are. Apple, for instance, demonstrated that the iphone was sufficiently secure to provoke some novel legal maneuvering during the San Bernardino situation.
Which was then circumvented by a third party. The legal maneuvering wasn't that novel: despite what Apple advertised, Apple could obtain the data off the device, and the FBI simply asked Apple to do it for them.
It was a sure thing that Apple could do it — the FBI clearly explained how. It was such a sure thing that Apple stopped advertising it couldn't do it after the FBI showed how it could, with the quoted wording in
https://www.nbcnews.com/tech/security/ios-8-even-apple-cant-... disappearing from Apple's website (but not from IA).
The only reason Apple wouldn't do it was that it was such an embarrassment for its marketing to be shown to be a lie by something that had made national headlines.
As far as anybody being able to buy a 0-day, the price for such a 0-day is much higher for competitors' phones with better security.
I'll be sure to read up on the latest regarding that matter. I could be outdated. I don't think it was something like apple has a key escrow.
Regarding the price of a 0-day, it is clear that the fbi bought it. (maybe it wasn't 0d at the time but it was an exploit.) The cost is irrelevant considering it was a state actor. In context of this discussion, apple resisted.
I'm all for more security and will take your recommendation for a vendor with more integrity. I think we have to weigh integrity vs capability, though. Good intentions don't confound tough adversaries.
That's true with iCloud Backup specifically, not iCloud. But unsecured notes and photos don't fall under the encryption umbrella, so syncing those means you lose privacy. Even syncing messages is safe, since messages are shared with your private encryption key. iCloud Backup and photo syncing are pretty much the bones thrown to US law enforcement.
> Even syncing messages is safe, since messages are shared with your private encryption key.
Do you mean the syncing of messages between logged in devices via the normal iMessage delivery mechanism (which I know is encrypted), or the "Messages in iCloud" feature?
Curious, why does Samsung need to have Phone booted up for battery repair?
I recently had a battery replacement done for my iPhone and I had similar concerns if I need to give them Phone unlocked, but they asked me to turn off Phone.
That is what I expect from battery repair!
You want to turn it back on to validate everything is working right and it’s all plugged in correct. You also want to validate you didn’t break anything else while attempting the repair
And also (sadly necessary) you want to stop scammers who will send you a broken phone and then pretend you broke it. So you want to switch it on before and after the repair.
Especially the screen. I mean you have to rip off the screen to get to the internals. Lots of people already have cracked screens and it is hard to put them back on without making the cracks even bigger. A small crack with no chromatic effects can easily make those from the prying. Why would you not want to validate the quality of the screen after you have just been wrestling with it?
Oh man, HTC 10 was the worst phone I owned in terms of repair-ability (I even saw one phone repair place explicitly saying they don't support that phone). Not only you risk screen (primarily) and other components damage. You can also break the phone in subtle ways when putting it back[1] and reopening it back is again tough because you need to unglue the screen first to get to screws.
Having a builtin validating code as one commenter mentioned would be a godsend, but nearly all companies do everything they can to make customers not want their phones repaired.
[1] things like some sensors not working, accidentally clipping the tape with buttons, touch screen being funky (although that likely was due to non genuine screen), or my favorite - gps working but never able to get exact location
I destroyed an iPhone 6 Plus screen one time reassembling it. Apparently I switched a 1.7 mm screw with a 1.3 mm, and when I popped it back together the entire screen (which wasn’t working for touch anyway) shattered.
Can't they have a signed "self-test" image that they can boot up and it checks the phone? This wouldn't have access to any user data but can boot up and check that all of the components are working. This sounds much quicker and more effective than prodding at the user's OS anyways.
At least on my phone (Samsung), the "self-test" app is on the /system partition, which is where the user OS is, and you need to boot normally to use it. You can run it by entering *#0*# in the dialer, no need to flash anything.
Having a dedicated test image (like /recovery) is a possibility, but it wouldn't be the same environment as the user. The kernel may be different, maybe some runtime calibration data would be missing, and most customers want to see their phone working after a repair.
In high volume test and repair environments this exists, but part of how they can do it is they erase and overwrite the data on the phone. When you don’t care about the users data this becomes much easier. Data migration is a pain. (Esp when it’s not yours)
In my case they ran a diagnosis over the network to make sure everything is working.
Diagnosis software is built into iPhone so I can put a trust on it that it ain't sharing private data to the store employees.
Similarly they ran a diagnosis again at the end of repair. They did boot up the phone by themselves and ran it. Looks like they can run diagnosis on locked Phone.
This is overall much better than asking to unlock Phone.
When I had my iPhone battery changed, they explicitly said it should be unlocked and / or I should give them the code. So I went through the trouble of backing everything up, wiping the phone clean, and then reinstalling everything when I got it back.
If there was some kind of "status debug port" or whatever, the technicians could've done the various checks the sibling talks about without needing full control of my phone.
I replied to another thread and adding here again, they have diagnosis tool built into iPhone that can be triggered over the network when connected to same WiFi.
This also works when Phone is locked.
This is how my repair went through. At no point they asked for my passcode or to unlock Phone.
It’s not just Samsung, Apple does the same. I was shocked when I wanted to replace my iphone display and the technician asked me to turn off pass code. Like he didn’t even give me another choice. I did a quick backup on icloud and wiped my phone and gave it. It was annoying to restore everything.
I also call for bullshit feature.
Most of the time, you send your phone because it is not working anymore, unreactive, so there will be no way to go into repair mode.
But, that being said, this does not address also one big hurdle for people sending their phone for repair, that is the opposite: losing all data.
As a standard procedure, most technicians will reset to factory the device to see if it fixes the problem even when you send it for an unrelated issue.
What an odd feature to expose to the user. User data partition is already encrypted. It would be enough with different boot option, chosen by the workshop with usb, fastboot or key combo, they could not access data anyway. Maybe it's hard to explain to non techies why they need to power off their phone before handing it to the workshop. Otherwise this just sounds like PR stunt.
That's both odd and interesting, my only experience with official repair services was that they always were starting ANY job by wiping the entire device. That was always written in bold letters that's what I have to agree for. Their answer on why it is required was always that's the only way to test the phone is fully functional as from factory with default config. Thus... I started fixing them on my own.
The amount of times I refused to give my password for a repair and they in return refused warranty is all too often. Luckily it was mostly their bluff.
Manufacturers, please do the same for laptops too.
ASUS warranty policy makes people click "I agree" to all their data being erased during a warranty repair. So what the repair needed is for a touch screen.
I think on Samsung phones, plugging them into a standard USB-C multiport hub with an HDMI monitor and a keyboard/mouse plugged in allows use of the "DeX" mode, even while locked.
I would assume someone could plug the phone in, use the mouse to enter their password and operate the UI to activate such a feature.
I wasn't aware they were so unpopular. I don't mean a Thunderbolt dock, it can be one of those ten buck dongles from Amazon with a bunch of ports on it, that looks like a glorified card reader.
It will also work with any computer monitor that has a USB-C input and USB ports on it, usually, which are starting to become popular enough lately where I'm from.
They’re pretty common. I don’t own one personally, but lots of people have laptops with no full-size HDMI port. For them the dongle is necessary to make the laptop usable.
Seem to me that if your phone can't even boot up, then repair mode is moot, the repair person won't be able to log into your account to access your private info. Even after the phone is operational they still won't be able to run anything without you putting in your password. I think this is more for the situation where the repair person asks you to log in so they can verify that the phone is fully working. You'll want to expose as little sensitive data as possible.
I do think you have a point though. If you sent in a non-functional phone, and now it's in the shop being fixed, but the repair person needs to do a detailed check of the phone's operation, how can that be done safely without you being present? Maybe there could be a "repair mode password" that you can give out remotely and only allows the phone to enter repair mode.
> Seem to me that if your phone can't even boot up, then repair mode is moot
I've never needed to repair a phone, but I assumed the repair shop asked for your password. (And some other comments have said as much here.) Do they not do that?
If they do, I like the idea of a "repair mode password".
Depends entirely upon how exactly it's broken, and how the mode is enabled. If it's done in the settings app, then as someone else here pointed out, a broken screen would make that a bit pointless. If the mode can be enabled other ways (button combination, something via USB, etc) preferably in multiple possible ways, then it could be extremely useful.
I wonder if it works well enough to travel, i.e. does it make it obvious that the phone is in repair mode and does it stop someone from copying an image of your personal data.
Following is the text of the post as translated to English by G.
> Samsung Electronics has officially unveiled the 'repair mode' service that can prevent the leakage of personal information of Galaxy smartphone users.
> 'Repair Mode' is a function that allows you to selectively disclose data when repairing a smartphone, and fundamentally blocks concerns about access or leakage of personal information that may occur during the repair process through some private companies.
> If the user executes 'Repair Mode' in the 'Battery and Device Care' menu in the 'Settings' of the smartphone, the smartphone is rebooted. After that, you won't be able to access your personal data, such as photos, messages, and accounts, and only use the default installed apps.
> After repairing the smartphone, the user can access personal data again after exiting the 'repair mode' and rebooting through pattern/fingerprint recognition.
> Samsung Electronics will first introduce 'repair mode' through software updates from the Galaxy S21 series, and plan to expand it to some other models in the future.
> Recently, Samsung Electronics has been continuously adding functions to protect and secure sensitive personal information to mobile devices such as smartphones and tablets.
> Last year, it unveiled 'Samsung Knox Vault,' an information protection technology that blocks various attacks by storing encrypted personal information in its own storage space. We released a new security solution to block.
> In a recent article published in the Samsung Newsroom, Shin Seung-won, managing director of the Security Team of Samsung Electronics' MX Division, said, "Technology is connecting the world closer than ever, but the risks are also increasing." "Samsung's top priority is customers “It’s about making sure you stay safe while trying out this new experience.”
It's not so much identity information (i.e. data about your identity), as much as data that can personally identify you. The obvious PII is your full name and social security number. That's your identity. But your credit card number or your address aren't your identity, per se, but still can personally identify you, so also considered PII.
Things that are not normally considered PII is for example your OS or even specific device model (i.e. user is using iPhone 12 Pro is not normally considered PII). As usual, it's not a crystal clear definition, so varies by context, company, industry regulations and so on.
Things like IMEI are PII too, the number is printed on a label on the mobile phone box and recorded by the seller (in UK, I gather) when you make a purchase.
Google Translate *is* "a thing" these days… Amazing where technology has gotten us. Much of what we enjoy as commonplace today was literal science-fiction when I was just a child (not so very long ago).