Are "Samsung Notes" truly secure when locked?

[SAnon]

Hello all!
So I've got a Samsung S8+ and have almost always used android phones. So I've accumulated a lot of Samsung Notes which if everyone isn't familiar is a widget that lets you store notes, with the option of locking them with fingerprint security. My question is, since Samsung is an international company and alot of "Intellectual property" theft happens in China, Asia in general, etc, if important information such as passwords, banking info, intellectual property, etc is stored in these notes, is it possible for Samsung or some other source to hack into these notes and retrieve the information? Either if they are or are not fingerprint secured?
I know it's better to keep extremely sensitive info written somewhere private but sometimes I make quick notes or use it for memory with often used info, so am wondering how secure these notes truly are. Thanks in advance!

 

[SpookDroid]

S-Notes are encrypted. However, when you 'lock' them, they just go into the Secure part of your phone thanks to Knox, which adds an extra layer of protection. If the note is synced to Samsung's servers (or Evernote, although I don't think Evernote syncing is supported for secure notes), then the contents are stored in Samsung's servers, but the content is still encrypted.

That being said, that still CAN be hacked, albeit not easy. Just like a normal file in your phone could be hacked (well, maybe not like a normal file, but you get the idea). Is it safer to write it down on a piece of paper? Don't know, that's up to you to decide.

 

[SAnon]

Gotcha. Yeah I think that was my main concern, about the being stored on their servers part. I know when we sign up for all these mobile things like apps and Samsung accounts we give permissions etc, but we would hope when we "secure" something like the fingerprints etc it would truly be secure, but I guess we never truly know for sure, considering what you mentioned. Kind of sucks in a way if it's something really convenient to us, but I guess it's just a part of the risk we take now everything being "convenient". Thanks for the reply

 

[SpookDroid]

Gotcha. Yeah I think that was my main concern, about the being stored on their servers part. I know when we sign up for all these mobile things like apps and Samsung accounts we give permissions etc, but we would hope when we "secure" something like the fingerprints etc it would truly be secure, but I guess we never truly know for sure, considering what you mentioned. Kind of sucks in a way if it's something really convenient to us, but I guess it's just a part of the risk we take now everything being "convenient". Thanks for the reply

Just remember, for secure notes to be hacked, they'd need to break the encryption that Knox adds on top, to which your fingerprint is the key in your device. So even though they do have access to it in their servers, the data is not open just like that.

 

[SAnon]

Gotcha.
Quick question though. You think these companies would "screenshot" ( capture) our fingerprint data associated with our phones, and subsequently use it to unlock our data if they ever wanted to?
Not sounding paranoid, but just as I mentioned, if someone has "potential patent information" or any kind of intellectual property that's sensitive and someone associated with Samsung etc catches onto this and intends to steal this info, or even just say the NSA for example wants to snoop on someone, does this sound possible or do they really have to physically have to have our fingers present to open these notes?
I know it sounds paranoid but there seems to be never-ending examples of intellectual property being stolen etc.
I know when we sign up for and agree to terms when we say, store our "Iris" data on our phones for unlocking or using the associated Samsung actions, just as our fingerprints are stored, I wonder if that data could just be remotely used as well to "hack in". Not saying Samsung as a whole could be corrupt but I trust no one these days and money, data, IP is thieved every day. Just say I'm dealing with a patent idea, I really wouldn't want to wake up one day and find out my idea is already being produced in China because someone got the info off my Snotes and has cashed in. I guess any of our data is at risk if someone wants to take the chance to acquire it, highly doubtful though unless it was the perfect scenario someone just comes across my specific name and IP and they work for or know someone connected with Samsung

 

[SpookDroid]

They could but this would be very difficult, not to mention the PR chaos and legal pitfall this would entail. Your biometric data is only stored locally in your device and further encrypted with a device-specific key. This is actually the reason why you can't use apps with a finger print scanner unless you have a secure lockscreen.

 

[SAnon]

Very true, agreed

 

[orangecroc]

Fingerprint data is stored locally on the phone.
The only information that can't be stolen is your thoughts. Paper and air gapped devices can be physically stolen, however good the security is, there will be a way through. Same with digital data, there is always a way, it's just not always easy.

 

[SpookDroid]

Fingerprint data is stored locally on the phone.
The only information that can't be stolen is your thoughts. Paper and air gapped devices can be physically stolen, however good the security is, there will be a way through. Same with digital data, there is always a way, it's just not always easy.

Soon enough, not even thoughts.
https://www.independent.co.uk/news/...ked-in-syndrome-toyohashi-japan-a7687471.html

 

[Rukbat]

Samsung would never do it. If they're caught once, they can close their cellphone division.

But developers of 3rd party apps might.

 

[SAnon]

Yes, "if they're caught" . But we're seeing more and more of immoral people and companies alike, in every way.
Just didn't know if someone had some expertise specifically concerning this.