Beginning with the Galaxy S24 series, Samsung has been offering up to seven years of mobile security updates. As one of the longest periods of security support available for mobile devices, these updates mean customers can safely use their phones for longer.

This peace of mind is important when navigating our hyperconnected age as cyber threats become more common than you think and are often undetectable until too late. The global cost of cybercrime is expected to surge in the next four years, rising from $9.22 trillion in 2024 to $13.82 trillion by 2028.

But where do these updates come from, and why do they pop up on your phone so regularly? Deep at the heart of Samsung’s Mobile eXperience Business lies Samsung Project Infinity, a classified operation. Samsung Newsroom met the specialist units within Samsung Project Infinity that safeguard Galaxy devices and users around the clock.

Identifying and Addressing Risks in Real-Time
The Cyber Threat Intelligence (CTI) taskforce is a reconnaissance unit within Samsung Project Infinity along with the Red, Blue, and Purple Teams that go beyond lab conditions to identify real-world dangers.

RED and BLUE perform proactive attack and defense functions, seeking out vulnerabilities and taking measures against them. PURPLE is a special operations unit that acts as both a sword and shield for specific critical areas.

The Cyber Threat Intelligence (CTI) unit focuses on identifying potential threats and addressing them before they escalate into actual risks. The team works to thwart hacking attempts by staying updated on the latest threats and preventing malicious activities, such as handling stolen data that could be exploited in future attacks, in addition to securing devices by protecting customer data and ensuring secure access to systems.

To identify potential threats and deploy countermeasures, CTI regularly explores the Deep Web and the Dark Web — bustling markets for security exploits, spyware, malware, ransomware, illicit tools, and confidential corporate and customer information.

Justin Choi, Vice President and Head of the Security Team, Mobile eXperience Business at Samsung Electronics, leads CTI. With over 20 years of experience in the U.S. tech industry as a cybersecurity authority and ethical hacker, Choi has collaborated globally to fortify security for major financial and tech firms. His expertise in identifying and mitigating zero-day threats drives the development of advanced security measures that protect over a billion Galaxy users around the world.

“Occasionally, we engage in security research by simulating real-world transactions,” said Choi. “We closely monitor forums and marketplaces for mentions of zero-day or N-day exploits targeting Galaxy devices, as well as any leaked intelligence that could potentially serve as an entry point for system infiltration.”

As an ethical or “white hat” hacker — whose deep understanding of hacking helps to identify and address vulnerabilities — Choi explained that any hint of suspicious behavior within the system is swiftly traced to its origin.

For example, requests for excessive privileges, unexpected behavior, and network traffic with unknown servers could point to a potential breach, at which point CTI traces Indicators of Compromise to identify the threat actors and the purpose of the attacks.

“Once we spot these kinds of threats, we collaborate with developers and operators to lock everything down to prevent attacks,” said Ranger, a CTI member. (Samsung Project Infinity staff protect their identities with aliases to avoid being personally targeted by hackers.) “We even communicate with other departments and partners on private channels to avoid taking any chances.”

CTI also studies threat actors to decipher their behavioral patterns. Understanding their motivations and objectives can help reveal their attack methods and provide insights for fortification.

“Sometimes, an attack is financially or politically motivated,” added Tower, another CTI member. “Sometimes, they just like to show off.”

A System of Safeguards
CTI’s RED, BLUE, and PURPLE are critical components of Galaxy’s security strategy — but Samsung Project Infinity juggles many initiatives including the Samsung Mobile Security Rewards Program which works with the wider security community to further scrutinize Galaxy’s defenses.

This year, Samsung has boosted this program with a maximum reward amount of $1 million — its highest cash incentive yet for those who can identify the most severe attack scenarios within Galaxy devices.

All of this goes hand in hand with Samsung’s longstanding model of collaboration with hundreds of partners including carriers, service providers, chipset vendors, and more. While regularly working with these partners as well as the wider community to identify threats and develop patches, Samsung Project Infinity ensures Samsung proactively takes initiative and responsibility for reinforcing its own areas of weakness.