Original topic:

Received a fingerprint update 6.0.0.4 notification but not sure if it is legit or not?

(Topic created: 04-05-2022 03:01 PM)
Members_MBxmt50
Constellation
Note20

Fingerprint update 6.0.0.4

I received a notification on my Note 20 that there is a security biometrics update available. I am suspicious of it because it has no publisher name and a blank shield logo. Is this legit or not?

26 Replies
hyperbolic monkey
Astronaut
Note20

Helped it how?

QuantumBiker
Asteroid
Note20

I was just on a chat with Samsung support. They say it is legitimate.

user_ams007
Samsung Care Ambassador
Note20
It is a Samsung biometric update that is 100 percent valid.
userR1IosQP9rQ
Asteroid
Note20

That's the problem though, right? Samsung had a massive security software data breach recently. Who's to say this isn't a Bad Actor posting this software update? If they have the signing keys, they could, and the phone would show the update as a legitimate piece of Samsung software. You could even be a member of this group posing as a legitimate Samsung Care Ambassador. Posting a link from sammyfans.com as confirmation doesn't help either.

Samsung Corporate needs to set up a support page that shows from the horse's mouth that this is a valid trusted update, and blast it out to the tech community so the word gets out there.

This is an absolutely irresponsible way to blast out mystery updates to phones. Especially so soon after a data breach that pertains to the very same security software.

userR1IosQP9rQ
Asteroid
Note20

No worries and hopefully you did not feel personally attacked as that was not my intent. I was just describing how very real and very suspicious this looks to users. Say your user account was compromised without your knowledge. Some random Internet person could be posing as you.

Regarding the software breach: This article for example: https://www.tomsguide.com/news/samsung-hack-source-code mentions: "the Lapsus$ hacker gang proclaimed that it had stolen 190 GB of data from Samsung, including source code for Samsung's TrustZone and Knox, biometric unlocking, bootloader, activation servers, account verification and even some proprietary Qualcomm code, according to Bleeping Computer." (emphasis mine)

Samsung put their domain name on this forum, so it seems it would be good they have real Samsung humans capable of responding to serious issues. I won't get into the folly of that "hey we have a forum we don't monitor" situation as that is a completely different discussion.

The hackers claim they have the source code to Samsung's biometric software and activation servers, Samsung doesn't officially confirm or deny it, and then a firmware update for biometric security comes out without a formal declaration from Samsung, no release notes, just some rarely-used section of the phone is mysteriously activated. It just doesn't have good optics.

Sorry you forum folks have to deal with this!

user_ams007
Samsung Care Ambassador
Note20
I will make sure to pass along your concerns and questions regarding the fact that Samsung is not releasing technical documentation for security updates and patches to provide better clarity to Samsung users.
userR1IosQP9rQ
Asteroid
Note20

Thanks a bunch! Samsung has made this iPhone convert very happy thus far! Hope they can keep it up!
