CYBER NEWS

Samsung Replies to Critical Report About Knox

Recently, a report criticizing Knox Technology’s password management and encryption functions in Samsung’s Note ad Galaxy mobile devices (Android-based) provoked a lot of replies and rebuttals.
Samsung-Knox-Vulnerabilities
According to an advisory, that was published last week, a PIN selected during setup of the Knox App on Samsung devices is saved in clear text. The author also criticized the libraries that are used to derive encryption keys by Knox Personal on Galaxy S4. As a reply to the critical statement, Samsung revealed that Knox Personal has already been replaced, and the security issues have been eliminated on Knox enterprise version.

A researcher with Azimuth Security said that apparently the tested version of the device was old and not meant for enterprise use. The flaws that were pointed out in the report do not affect users on the last version of Knox and were never a threat for the users of the enterprise version.

The report was issued a few days after NSA (National Security Agency) as included Galaxy devices that run Knox in its Commercial Solutions for Classified Program.

→Samsung Knox provides security features that enable business and personal content to coexist on the same handset. The user presses an icon that switches from Personal to Work use with no delay or reboot wait time. (Wikipedia)

Here are the three major points made in the report and how Samsung replied to them in a statement from last Friday.

A Mealy Machine Library, Used in the Key Generation Process

Samsung states that Password-Based Key Derivation Function 2 (PBKDF2) is used in Knox 1.0. Its purpose is to generate an encryption key by combining a random number generator on the devices and the user’s password. The key derivation has been strengthened in Knox 2.0 by following the Common Criteria recommendation MDFPP.

The Encryption Key That Is Required to Auto-Mount the Container’s File System Is Saved in the TrustZone

This statement has been confirmed by Samsung, but the company points out that the access to this key is controlled. It can be retrieved only by trusted system processes. And if a system gets compromised, KNOX Trusted Boot will lock the container key store.

KNOX Container Stores an Alternative PIN in Plaintext for Password Resets

The company absolutely denies this for the enterprise containers. Instead, it counts on IT administrators to reset and change passwords, by using their MDM agent. Samsung confirms the information for Knox 1.0 Personal containers, stating that these containers are not managed by an MDM agent and store an alternative PIN or rely on a Samsung account to recover passwords. The personal containers cannot be created on KNOX 2.0 devises.

Avatar

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...