KNOX rumored to be easy to hack - Android 5.0's corporate security feature may be, too

KNOX rumored to be easy to hack - Android 5.0's corporate security feature may be, too
Android 5.0 Lollipop is a pretty big update for Google's mobile OS. It will bring a UI overhaul, a number of reworked features, and a few nifty additions, as well. Among these is an app, which will allow users to lock out their professional apps and data from their personal ones – a feature that is ever so needed in the growing BYOD (bring your own device) niche.

Built with contributions from Samsung's own KNOX, the new feature is said to work much in the same manner. Basically, with KNOX, you start up the app at the beginning of the work day and it gives you a new launcher, with a new homescreen, app drawer, and apps. KNOX apps are different than Android apps – there is no Play Store here, KNOX is all business and offers only enterprise-oriented applications. At the end of the day – turn off KNOX and your phone is back to normal. And, of course, Samsung's secure interface, and the professional data that is stored within it, is locked via PIN.

KNOX has received plenty of praise for its security in the past few months – being approved by the US Department of Defense and, most recently, by the NSA – so the next bit of news may come as a bit of a surprise to many.

An “unnamed researcher” claims to have found where KNOX keeps its security PIN, and it's not that much of a secure place, either. Reportedly, it is stored in plain text in a file, inconspicuously named pin.xml. Granted, in order to gain access to this file, one needs root access.

Now, Samsung has responded with a blog post, denying that access to the PIN is that easy, claiming that “...unlike what is implied in the blog, the access to this key is strongly controlled. Only trusted system processes can retrieve it, and KNOX Trusted Boot will lock down the container key store in the event of a system compromise."

Still, the researcher (who we guess is a passionate and enthusiastic tinkerer, rather than a threat entity) has updated his post, claiming that the tests were done on a brand new and up-to-date Galaxy S4, which comes with KNOX out of the box.

Where does the truth lie, exactly? Only extensive testing will answer that. For now, we can't help but wonder – just how much of KNOX is Google using for Lollipop's “corporate mode” (or whatever they call it)? And does Google's reported push to end rooting with Lollipop have something to do with this?

source: mobilesecurityares via WMPowerUser

FEATURED VIDEO

29 Comments

1. XperiaFanZone

Posts: 2277; Member since: Sep 21, 2012

Good. Rooting will be easy.

4. StraightEdgeNexus

Posts: 3689; Member since: Feb 14, 2014

Lol true, Rooting is more necessary than half-assed security for me.

7. sprockkets

Posts: 1612; Member since: Jan 16, 2012

Then Knox will detect that and throw you out of your corporate apps forever. Good idea.

16. StraightEdgeNexus

Posts: 3689; Member since: Feb 14, 2014

Not everyone has BYOD type jobs....

20. sprockkets

Posts: 1612; Member since: Jan 16, 2012

So? You haven't really explained why rooting gives you any more security.

22. StraightEdgeNexus

Posts: 3689; Member since: Feb 14, 2014

Nowhere did I say rooting gives me more security, I'm just saying security isn't that necessary for a user like me, I need fun, I need root.

23. sprockkets

Posts: 1612; Member since: Jan 16, 2012

Well I get you now. But if you need root just get a phone that allows you to unlock without resorting to cracking.

28. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

Rooting can give you privacy and data security for apps AND give you a customized "beauty of Android" experience. As you know, standard Android has little to no data/privacy security. KNOX gives you some added security vs. standard Android, but at the cost of putting things in "containers" which are taxing on the processor and ultimately under Samsung/Google's control, not the user's. For most users, as per Samsung's own surveys, root capabilities provide the POSSIBILITY of a better experience than KNOX. Not everyone wants/has to do what you can do with root. But for those of us who want to go into wonderland, why close the door?

29. StraightEdgeNexus

Posts: 3689; Member since: Feb 14, 2014

And with SuperSU, you have the capability of keeping root related malicious threats at bay.

2. fouadqr

Posts: 326; Member since: Nov 21, 2012

Lol...

3. networkdood

Posts: 6330; Member since: Mar 31, 2010

Well, they have to keep up with iOS.. Lol

24. iushnt

Posts: 3097; Member since: Feb 06, 2013

I don't think iOS is for security??

5. Felix_Gatto

Posts: 942; Member since: Jul 03, 2013

Blackberry is still the best in mobile security.

8. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

I would consider it a tie between them and WP, though i would understand BB stronghold here cause their systems are lovingly secure. Today alone have handled 3 virus cases on android.

9. sprockkets

Posts: 1612; Member since: Jan 16, 2012

The horror. Let me guess, you went to settings, apps and removed the "viruses"? That was so hard.

10. jroc74

Posts: 6023; Member since: Dec 30, 2010

Security by obscurity for WP. BB is just a beast for security..

12. meanestgenius

Posts: 22035; Member since: May 28, 2014

Totally agree.

6. Tuxedo

Posts: 356; Member since: Mar 19, 2013

I'm very disappointed that Google adopted Samsung software. They have a terrible track record in the software arena.

25. iushnt

Posts: 3097; Member since: Feb 06, 2013

Yes, Samsung wasn't good in software before..now they have highly improved

11. HomerS

Posts: 419; Member since: Sep 19, 2014

To gain access to the PIn you need Root access and when you root the device Knox will shut down completley. The S4 is over 1,5 years old, maybe it comes not with the newest Knox Version installed?

13. meanestgenius

Posts: 22035; Member since: May 28, 2014

For the most secure end-to-end solution, one should always choose BlackBerry. It's what they do!

14. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

The article mentions how all of Samsung's KNOX solutions have password backup/recovery, even the latest version. So your data isn't even truly secure. IT can access everything you put into KNOX. Or your password can be recovered from the device itself by any "trusted" system process. Which means Google and/or Samsung and/or your carrier has it and can give it to law enforcement or sell it to a crime syndicate. So maybe for corporate/government records, it makes sense, as those organizations generally watch over their employees very carefully. But for personal use, KNOX doesn't make much sense. It's fake security and as Samsung/Google aren't forthright with the limitations of KNOX, it is basically nothing more than fraud. In short, KNOX is a dumb idea for 98% of people and should only be on special phones. Or be some other system image that can be downloaded/flashed for special needs.

18. sprockkets

Posts: 1612; Member since: Jan 16, 2012

In short, you really don't know what you are talking about.

27. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

Is that what you say about everyone who you disagree with? Why don't you give me the positive value use case for KNOX for the 98% of Samsung users (per Samsung!) that don't use KNOX.

15. StraightEdgeNexus

Posts: 3689; Member since: Feb 14, 2014

Not everyone has BYOD type jobs, rooting is more necessary than security for my phone.

19. sprockkets

Posts: 1612; Member since: Jan 16, 2012

You keep saying that but never explain why.

17. xtroid2k

Posts: 601; Member since: Jan 11, 2010

This is awesome. Atleast a vulnerability has been found possibly and a fix can be issued. Security remediation is tough work and only through attention to detail and teamwork can we reach a more secure state.

21. StraightEdgeNexus

Posts: 3689; Member since: Feb 14, 2014

.....

26. iushnt

Posts: 3097; Member since: Feb 06, 2013

These kind of vulnerability will help Knox be more secure

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.