Research suggesting that Knox isn’t as safe as Samsung claims has surfaced. To put Android users at ease about their security and privacy, Samsung went a step further than many others and came up with Samsung Knox, a security environment meant to help users stay safe.
Unfortunately, despite how amazing that sounds, it now seems that things aren’t as great as Samsung has been leading us all to believe. A German security researcher known as Ares has found several problems with the system.
What is Samsung Knox?
The main purpose of this tool is to keep official data safe on personal phones. Users store all their sensitive data in a secure storage space or partition that the tool sets up. It seems like a dream come true for employers who allow BYOD and lose a lot of sleep over company data falling into the wrong hands because of it. However, Ares seems to think the system isn’t as airtight as it should be.
Anyone who wants to open the phone’s Knox space needs the password or PIN associated with it. Owners who forget their password can simply reset the tool and use the PIN stored on the phone to regain access. The problem is that this PIN is held on the phone in a totally unsafe and unencrypted way: it’s literally a plaintext file. You don’t need to get into Knox to access this PIN.
When this PIN is entered, Samsung Knox Personal lets the user (or potentially the hacker) see the first and last characters of the password. It can even reveal the total number of characters that need to be entered. These are great clues if you are the real owner and have forgotten the password, and scary stuff if a hacker or cracker finds their way to it.
Not secure enough
The encryption Knox uses to keep the password safe is also not reliable. While a high-quality program would encrypt a password by using randomly generated characters and numbers, Knox doesn’t. This makes things super easy for a potential attacker.
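The weaknesses described above (a recovery PIN kept as a plaintext file, a hint that reveals the password’s length plus its first and last characters, and protection that uses no random values) can be set against a safer design in a short sketch. This is an added example, not Samsung’s code and not taken from Ares’s research; the function names, the 94-character alphabet, the PBKDF2 parameters and the sample PIN are assumptions.

```python
import hashlib
import hmac
import secrets

ALPHABET = 94  # assumption: printable ASCII characters allowed in the password


def make_verifier(pin: str, iterations: int = 200_000) -> dict:
    """Return the record to store on disk in place of the plaintext PIN."""
    salt = secrets.token_bytes(16)  # random per record, so equal PINs differ
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def check_pin(candidate: str, record: dict) -> bool:
    """Recompute the digest for a candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["digest"])


def search_space(length: int, hinted: bool, alphabet: int = ALPHABET) -> int:
    """Count the passwords a guesser must cover for a password of `length`.

    Unhinted: every string of 1..length characters (length is unknown).
    Hinted: length and the first and last characters are known, so only the
    middle characters remain.
    """
    if hinted:
        return alphabet ** max(length - 2, 0)
    return sum(alphabet ** n for n in range(1, length + 1))


if __name__ == "__main__":
    record = make_verifier("4821")  # constructed sample PIN
    print("stored digest:", record["digest"].hex())
    print("correct PIN accepted:", check_pin("4821", record))
    print("wrong PIN accepted:", check_pin("4822", record))
    for n in (6, 8, 12):  # constructed sample password lengths
        full, left = search_space(n, False), search_space(n, True)
        print(f"length {n}: {full:.3e} candidates, {left:.3e} after the hint")
```

A four-digit PIN has only 10,000 possible values, so hashing slows an offline guesser rather than stopping one; the gain is that the stored file no longer hands the PIN over directly.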
Since the revelation, Samsung has released a statement telling users to upgrade to My Knox, and saying that the previous Knox has been knocked out. The problem is that My Knox will only work with newer devices, so users with older sets are left in the lurch. The statement from Samsung also failed to address any of the issues that Ares had pointed out through his research.
There’s a lot more to this story that will unfold. Let’s hope that it isn’t because people start losing their data due to weaknesses within Knox. It would be ironic if something that is meant to provide better security became the very cause through which security is not only hindered but also lost.