KNOX has been in the spotlight quite a lot over the last few days. For those of you unfamiliar with KNOX then in short this is Samsung’s take on security and with a particular emphasis on the enterprise industry. Back at Google’s I/O event, Google announced that KNOX would be incorporated into Lollipop to try and offer a more secure device. Especially for those who want to use their devices at work as well as at home (BYOD). This was a good endorsement for Samsung’s KNOX. To add to its praise KNOX was all certified by both NASA and the U.S. Government for classified use. With all these accolades it seemed the future was bright for KNOX.
However, only a couple days ago an unknown security researcher published a post on his blog which highly questioned how safe KNOX is. The researcher had managed to gain interesting insights into KNOX and especially on how passwords used to partition (and therefore secure) data is used. This caused quite a stir in the news world and also for Samsung. As such Samsung was quick to respond by saying the researcher was incorrect in a statement of their own. This was very publicly done and directly towards replying to the researcher. Not phased by Samsung’s reproach the researcher again responded explaining how he achieved the information he did in another blog response. Samsung had claimed the version of KNOX the researcher had used was an older version although the researcher responded by highlighting this was the version available to all devices other the Samsung Galaxy S5 and Note 4.
Interestingly, today Samsung have announced via their own KNOX blog that regardless of how vulnerabilities or issues are noted or raised they do not want to ignore them. If there was any doubt as to whether this had anything to do with the recent researcher. Then it is worth noting a line from the announcement which reads “In some cases, researchers contact us privately and in other cases, anonymous blog posts go up”. That said, the announcement itself is good news as it does recognize that there may be issues and that Samsung are intent on making those sure issues are remedied. The announcement concludes by stating anyone else who finds any further issues should contact them directly.