KNOX rumored to be easy to hack - Android 5.0's corporate security feature may be, too

Android 5.0 Lollipop is a pretty big update for Google's mobile OS. It will bring a UI overhaul, a number of reworked features, and a few nifty additions, as well. Among these is an app, which will allow users to lock out their professional apps and data from their personal ones – a feature that is ever so needed in the growing BYOD (bring your own device) niche.

Built with contributions from Samsung's own KNOX, the new feature is said to work much in the same manner. Basically, with KNOX, you start up the app at the beginning of the work day and it gives you a new launcher, with a new homescreen, app drawer, and apps. KNOX apps are different than Android apps – there is no Play Store here, KNOX is all business and offers only enterprise-oriented applications. At the end of the day – turn off KNOX and your phone is back to normal. And, of course, Samsung's secure interface, and the professional data that is stored within it, is locked via PIN.

KNOX has received plenty of praise for its security in the past few months – being approved by the US Department of Defense and, most recently, by the NSA – so the next bit of news may come as a bit of a surprise to many.

An “unnamed researcher” claims to have found where KNOX keeps its security PIN, and it's not that much of a secure place, either. Reportedly, it is stored in plain text in a file, inconspicuously named pin.xml. Granted, in order to gain access to this file, one needs root access.

Now, Samsung has responded with a blog post, denying that access to the PIN is that easy, claiming that “...unlike what is implied in the blog, the access to this key is strongly controlled. Only trusted system processes can retrieve it, and KNOX Trusted Boot will lock down the container key store in the event of a system compromise."

Still, the researcher (who we guess is a passionate and enthusiastic tinkerer, rather than a threat entity) has updated his post, claiming that the tests were done on a brand new and up-to-date Galaxy S4, which comes with KNOX out of the box.

Where does the truth lie, exactly? Only extensive testing will answer that. For now, we can't help but wonder – just how much of KNOX is Google using for Lollipop's “corporate mode” (or whatever they call it)? And does Google's reported push to end rooting with Lollipop have something to do with this?

source: mobilesecurityares via WMPowerUser