Encrypt Galaxy cloud backups using Enhanced Data Protection

Introduction

Galaxy Enhanced Protection introduces an important security feature for Samsung users: end-to-end encryption (E2EE). This is essential for anyone aiming to safeguard their sensitive data against unauthorized access, including from Samsung itself. Similar to Apple iCloud's implementation of E2EE (launched years ago and unsurprisingly also called Advanced Data Protection), this technology encrypts data directly on the user's device before it's uploaded to Samsung Cloud. This ensures that the data can only be decrypted on a trusted device, offering a secure environment for personal information.

E2EE is vital not only for protecting against external threats but also for maintaining data privacy from service providers themselves, for example if there is a data breach or unauthorized access from a provider's employee or contractor.

Step-by-Step Guide to Enable End-to-End Encryption

Prerequisites

Make sure you are running the latest version of the firmware for your device, since Samsung Cloud Enhanced Protection requires One UI 6.0 or above. If your device is less than 5 years old, it is likely to be supported.

Steps to Enable Samsung Cloud E2EE

Follow these simple steps to ensure your Samsung Cloud data is securely encrypted:

  1. Access Your Samsung Cloud Settings

    • Navigate to the settings menu on your Samsung device.
    • Search for 'Samsung Cloud'.
  2. Locate the actual settings

    • Once you've tapped Samsung Cloud, tap the 3 dots on the top right corner of your screen (aka the 'kebab menu') and tap Settings.
  3. Enable Enhanced Protection

    • Within the Security section, tap Enhanced Data Protection.
    • This will perform Knox hardware attestation, then open the actual setting. Once the screen has loaded, tap the Encrypt Backup Data switch to enable it.

Important to note

Samsung hasn't clearly disclosed the encryption method or mode of operation, but based on Samsung Knox implementations and the entropy of recovery keys we've observed (~140 bits), we presume it is AES-256 in Galois/Counter Mode.

Contingencies

When enabling E2EE on Samsung Cloud, you are required to write down your recovery key. This recovery key will be needed to access your data if your device is ever lost, stolen or malfunctions. Storing your recovery key on a scrap of paper is not ideal. Additionally, without the recovery key or access to your device, your family and associates will not be able to access your data in the event of your death. It is important to consider contingencies to ensure access to your valuable data. For example, you could use Keycrypt to securely prepare and distribute physical shares of your recovery key to family members or business associates.

Conclusion

With our increased reliance on cloud services, the threats posed by data breaches and mass surveillance are greater than ever. Please enable E2EE where available to mitigate these threats.
