Security

Samsung Knox isn't as secure as you think it is

Israeli researchers recently found a slew of security flaws in the Samsung Knox security system commonly used in Android phones.

Image: iStockphoto/Maksim Kabakou

Samsung Knox, the security system that runs on a plethora of the company's Android smartphones, was recently found to be suffering from a host of security problems.

In a paper recently submitted by Israeli researchers Uri Kanonov and Avishai Wool, three key vulnerabilities were found to exist in specific versions of Knox. Users running Knox version 1.0-2.3 are vulnerable, especially if they're using an older Samsung device.

SEE: BYOD (Bring Your Own Device) Policy Template (Tech Pro Research)

In its take on the research, The Register pointed out a specific line in the paper that stood out. In contrasting Knox 1.0 with its latest iterations, the researchers found that "the latest Knox improves security—while also making security sacrifices in favour of user satisfaction."

The first of the three big vulnerabilities that were found was described as "Weak eCryptFS Key generation from user password on Knox 1.0 / Android 4.3," known officially as CVE-2016-1919. If you've forgotten the naming scheme, Android 4.3 is Jelly Bean.

The eCryptFS key is supposed to mix the user's password and a 32-bit key to provide encryption, but the vulnerability "allows an attacker to decrypt Knox encrypted data without knowing the user's password."

Next up was the vulnerability CVE-2016-1920, which allows an app running outside of Knox to run a man-in-the-middle (MITM) attack against Knox SSL traffic. With this vulnerability, a third-party app running VPN-related permissions can run traffic through it.

Last, but not least, was CVE-2016-3996, which "allows an attacker to steal the contents of the Knox clipboard." A Knox proprietary service called clipboardEx gives access to both Android and Knox clipboards, and is the vehicle through which the attacker gains access to content stored on the clipboards.

screen-shot-2016-05-31-at-9-28-42-am.png

It's important to note that, as of late 2015, Samsung was informed of these vulnerabilities and they have been patched. However, it is still up to the vendors to issue their individual updates, and users should always check to make sure they have received the update.

SEE: Android Security Update May 2016: What you need to know (TechRepublic)

Samsung originally announced Knox in early 2013 as an end-to-end security solution for Android. After Knox integration with Android was announced in 2014, it seemed that Android was well on its way to getting the kind of native security required of enterprise deployments.

However, these vulnerabilities along with continued fragmentation in the Android ecosystem, could be evidence that Android still has some work to do before it can reach wider adoption in the workplace.

The 3 big takeaways for TechRepublic readers

  1. Tel Aviv University researchers found three vulnerabilities in Samsung Knox that affect versions 1.0-2.3, meaning that some users could still be at risk. Patches have been issued, but users must be sure they have updated their device.
  2. The researchers pointed out that the latest version of Knox seemed to have improved security in some regards, but also made sacrifices to other areas of security to make it easier for users.
  3. The announcement of these vulnerabilities could be problematic for Android in the enterprise, as Knox was one of the key security features hoping to show that the phones are ready for the workforce.

Also see

About Conner Forrest

Conner Forrest is News Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks