Samsung smartphones security

Hello everyone,

I’m writing this post because I’ve been interested in Samsung devices for a long time. I’ve spent many hours looking into the topic, reading endless tech articles, product sheets, and whitepapers. At its core, the issue is that Samsung has been vulnerable to Cellebrite for years, while other manufacturers like Apple and Google are actively addressing this problem and introducing countermeasures. These measures are not perfect solutions, but they are showing results.

If we look at Cellebrite’s support matrix, we see that with Samsung devices, Cellebrite has every possible way to exploit them. It doesn’t even matter if the device is in AFU (After First Unlock) or BFU (Before First Unlock) mode. In BFU mode, Cellebrite can simply brute-force the PIN code. In AFU mode, this isn’t even necessary—Cellebrite can just bypass the lock screen using zero-day exploits.

What I found particularly shocking is that Cellebrite can brute-force Samsung devices in BFU mode, even with new models released just a few months ago. This means that Samsung practically offers no protection against these attacks. Samsung itself advertises “Knox Vault,” a secure element that is supposed to ensure all cryptographic operations are handled in a separate chip. Secure elements do work effectively—in Google’s Pixel devices, for example, we see that Cellebrite has no way of brute-forcing a Pixel 6 or newer. The same effect can be observed with Apple devices. But Samsung continues to remain vulnerable, despite having a secure element that should actually help prevent such attacks.

But that’s not my only criticism of Samsung regarding security. I also find it extremely concerning that security updates often take weeks or even months to reach end users, even when they address critical vulnerabilities. On top of that, the sheer amount of bloatware on Samsung devices is a nightmare—many preinstalled apps that nobody really needs, which only add more attack surface.

I don’t see any progress from Samsung in addressing these problems, even though there have already been many critical media reports about how forensic tools like Cellebrite have been misused to violate human rights. Overall, I think it’s a real shame that there has been no development in this area for years.

I’m curious—what’s your opinion on this? How do you see it? Feel free to comment, I’m looking forward to discussion and feedback!

Glossary of Key Technical Terms

  • Cellebrite: A company that develops digital forensic tools used by law enforcement to extract data from smartphones, often exploiting vulnerabilities in device security.

  • AFU (After First Unlock): A device state after it has been unlocked at least once since boot. Some data is more accessible in this mode.

  • BFU (Before First Unlock): A device state before it has ever been unlocked after boot. Normally, strong security prevents access here, but brute-force attacks are sometimes possible.

  • Brute-forcing: A method of trying every possible password or PIN combination until the correct one is found.

  • Zero-day exploit: A previously unknown software vulnerability that attackers can exploit before the vendor has issued a fix.

  • Secure Element: A separate, tamper-resistant chip designed to handle sensitive operations like cryptographic key storage, improving overall security.

  • Knox Vault: Samsung’s implementation of a secure element, advertised as a defense against attacks on sensitive data.

  • Cryptographic operations: Processes involving encryption, decryption, or digital signatures that secure communication and stored data.

  • Attack surface: The total set of ways a system can be attacked, which increases with unnecessary software or services (e.g., bloatware).

  • Bloatware: Preinstalled apps on devices that are often unnecessary, take up storage, and can introduce additional security risks.
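As an added illustration (not part of the original post, and not Samsung's, Google's or Apple's actual implementation), the following Python model shows why a secure element matters for the BFU brute-force case the post describes: if the data key can be derived from the PIN alone, an extracted flash image can be attacked offline at whatever speed the attacker's hardware allows, whereas a key that can only be released by a chip that enforces escalating delays caps the attacker at the chip's rate. The free-attempt count and the 60-second delay are constructed parameters chosen for the example, not figures from any vendor.

```python
"""Toy model of secure-element PIN throttling (constructed illustration)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class SecureElementModel:
    """Simplified secure element. The chip-bound secret never leaves the object,
    and the disk-encryption key can only be obtained through unlock(), so copying
    the flash yields nothing that can be brute-forced offline."""
    pin: str
    free_attempts: int = 5          # constructed: failures allowed before throttling
    delay_seconds: int = 60         # constructed: delay enforced after each later failure
    _secret: bytes = field(default_factory=lambda: os.urandom(32), repr=False)
    _failures: int = 0
    _locked_until: float = 0.0

    def unlock(self, pin_guess: str, now: float):
        """Return the 32-byte data key on a correct PIN, None on a wrong one.
        Raises RuntimeError if called while a throttle delay is still running."""
        if now < self._locked_until:
            raise RuntimeError(f"throttled until t={self._locked_until}")
        if hmac.compare_digest(pin_guess, self.pin):
            self._failures = 0
            return hmac.new(self._secret, b"data-key" + pin_guess.encode(),
                            hashlib.sha256).digest()
        self._failures += 1
        if self._failures >= self.free_attempts:
            self._locked_until = now + self.delay_seconds
        return None


def offline_seconds(pin_digits: int, guesses_per_second: float) -> float:
    """Worst-case time when the key depends only on the PIN and a copied flash image:
    the attacker is limited by compute alone."""
    return 10 ** pin_digits / guesses_per_second


def throttled_seconds(pin_digits: int, free_attempts: int = 5,
                      delay_seconds: int = 60) -> int:
    """Worst-case time when every guess must pass through the secure element's
    throttle: one delay for every failure from the free_attempts-th onward."""
    failures = 10 ** pin_digits - 1
    return max(0, failures - free_attempts + 1) * delay_seconds


def simulate_guessing(se: SecureElementModel, pin_digits: int):
    """Exhaust the PIN space against the model on a virtual clock, waiting out each
    delay. Returns (guesses_made, virtual_seconds_elapsed) so the throttle cost
    can be checked against throttled_seconds()."""
    now = 0.0
    for n in range(10 ** pin_digits):
        guess = f"{n:0{pin_digits}d}"
        try:
            key = se.unlock(guess, now)
        except RuntimeError:
            now = se._locked_until      # wait for the chip, then retry the same guess
            key = se.unlock(guess, now)
        if key is not None:
            return n + 1, now
    return None


if __name__ == "__main__":
    # Constructed rates: a million guesses per second is modest for an offline attack.
    print("6-digit PIN, offline, 1M guesses/s:", offline_seconds(6, 1e6), "s")
    print("6-digit PIN, through the throttle:", throttled_seconds(6) / 86400, "days")
    print("4-digit worst case, simulated:", simulate_guessing(SecureElementModel("9999"), 4))
```

The simulated worst case for a four-digit PIN agrees with the closed-form `throttled_seconds(4)`; the point of the model is that the second number is set by the chip's policy, not by how fast the attacker's hardware can hash.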

From what you’ve talked about in your post, if such is your threat model, then using anything but GrapheneOS is going to be a horrible decision.

There is only 1 right answer here. You can of course use one of the latest iPhones with the new chipset that may help you with Lockdown Mode enabled. But I would still go with GrapheneOS for such extreme threat models.

Using or considering anything else is a mistake. If you’ve done enough research, this should (have been) clear to you. If it’s not, then said research was not enough, I’m afraid, and now you have an answer (that I am confident about).

1 Like

I haven’t kept up with who’s vulnerable to Cellebrite, but it’d be really disappointing if Samsung’s newest models are still vulnerable in BFU mode. When it comes to security in general, Samsung does seem to be a distant third-best option if Pixels and iPhones aren’t an option, but I’ve heard rumours that GrapheneOS is in talks with an unnamed manufacturer who (if interested in supporting GrapheneOS) would probably need to step up their security and perhaps bump Samsung down the hierarchy.

Omdia reviewed smartphone security in Dec 2024:

It ranked Samsung below Pixel but above iPhone.

Just this week, my Samsung S24 updated to Android 16.

This features Google’s “Advanced Protection”.

Samsung already had a similar component called “Auto Blocker” which has an additional “Maximum restrictions” setting:

Some components require you to be logged into a Samsung account - which forced Location services to be on, but you can still get most of the protections without this.

Ok, it’s not going to be as safe as GrapheneOS - nothing is - but it has caught up to Pixel and iPhone.

Since people are throwing GrapheneOS around, I’ll remind OP that if you have Samsung equipment, they all contain a fuse that will be intentionally burned out if you root the phone. Even if you revert to the Samsung version of Android and lock the bootloader, it will still show it as rooted.

If you expect that you’ll be in a situation where your phone will get connected to a Cellebrite, turn it off.

1 Like