Samsung-Knox-AH-1

Security Researcher Suggests Samsung’s KNOX and Android 5.0 Lollipop Aren’t All That Secure

October 27, 2014 - Written By John Anon

Back in June, Google announced the newest and highly awaited version of Android 5.0 (Lollipop) would come loaded (and protected) with Samsung’s security package known as KNOX. The idea behind employing KNOX is Google are intent on making Lollipop an operating system for both work and personal use. Many people (and companies) are slowing warming to the idea of using a single device for both work and home use. With the increasing popularity of bring-your-own-device (BYOD) there is the increasing consumer-worries of security and personal data breaching. It is presumed most users would be happy to use their personal devices as their work phone if nothing else then to avoid having to carry two devices with them all the time. If a device doubles as your work device then there is always the worry someone (in the workplace) will have increased access to your personal data as it is stored on the same device, your device.

With this in mind the idea behind Google’s employment of KNOX was to ensure private and personal data remains private and personal. Lollipop is expected to offer those who BYOD the ability to switch between work and home use. Although other ROMs do offer a similar feature already (like ‘Profiles’) the Lollipop example will shut down all data from the personal side of your phone. Which the simple profile feature on custom ROMs cannot do. In short, once work mode is activated, a new launcher starts with only work and enterprise relative apps. All other apps (including Play) and data will effectively be hidden while in work mode. Ensuring the security was where KNOX came in. Since the original announcement KNOX has received wide praise for its security and only last week was approved by the U.S. Government for classified use. Not to mention also being approved in the same manner by NASA. With those kinds of credentials you may be quite happy knowing you are protected by KNOX.

Well, an unknown security researcher has now claimed KNOX is not anywhere near as secure as we may have thought. The idea behind KNOX is information and data are stored on separate partitions and as such cannot be accessed when in one or the other modes. However, the researcher observed that the security PIN (which the user sets-up when first using KNOX) is clearly visible in a plain text file and hidden within the system. In short, compromising the security of the partition separation. By an intruder finding the pin, they could in effect access the ‘retrieve a password hint’ and in turn know the first and last letters of the password, along with its length. More worryingly, the researcher notes that it is highly likely the actual password is also locally stored and as such findable. Samsung did respond to the claims by trying to ensure KNOX is secure and highly advising users to use MyKnox instead of the KNOX version where the researcher found the vulnerabilities. However as the researcher notes in their response to Samsung’s response, MyKnox is only available on the Samsung S5 and Note 4. As such all other devices remain highlight insecure (according to the researcher). So if you do not own an S5 or Note 4 then it may be worth holding off BYOD to work if you are worried about security issues. If the researcher is correct thens KNOX and in turn Lollipop may not be as safe as everyone had expected.