Samsung issues response to recent claims of KNOX vulnerability


Last month security researchers from Ben-Gurion University Cyber Security Labs claimed to have discovered a vulnerability in Samsung’s KNOX security platform. Samsung has issued a statement regarding the claims, indicating the issue identified by the Ben-Gurion researchers was really a classic Man in the Middle (MitM) attack and not a bug or flaw in KNOX or Android. Samsung indicates they reached out to the security researchers, discussed the issue with them, and were able to verify that the identified exploit exists, as it “uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from/to applications on the mobile device.”

Samsung says in their statement that the exploit could be implemented via a user-installed program, but would be neutralized by encrypting application data before it is sent to the Internet, a practice that Google encourages through the use of SSL/TLS. If that kind of encryption is not possible, say for standards-based compliance, Android’s built-in VPN could be used, or any third-party VPN solution that Android supports. Either of these solutions would prevent an attack based on a user-installed local application. Samsung also pointed out that KNOX provides additional mechanisms to help thwart MitM attacks, including:

1. Mobile Device Management — MDM is a feature that ensures that a device containing sensitive information is set up correctly according to an enterprise-specified policy and is available in the standard Android platform. KNOX enhances the platform by adding many additional policy settings, including the ability to lock down security-sensitive device settings. With an MDM-configured device, when the attack tries to change these settings, the MDM agent running on the device would have blocked them. In that case, the exploit would not have worked.

2. Per-App VPN — The per-app VPN feature of KNOX allows traffic only from a designated and secured application to be sent through the VPN tunnel. This feature can be selectively applied to applications in containers, allowing fine-grained control over the tradeoff between communication overhead and security.

3. FIPS 140-2 — KNOX implements a FIPS 140-2 Level 1 certified VPN client, a NIST standard for data-in-transit protection along with NSA Suite B cryptography. The FIPS 140-2 standard applies to all federal agencies that use cryptographically strong security systems to protect sensitive information in computer and telecommunication systems. Many enterprises today deploy this cryptographically strong VPN support to protect against data-in-transit attacks.

Professor Patrick Traynor with the Georgia Institute of Technology summarizes the results of the work by both Ben-Gurion and Samsung: “Proper configuration of mechanisms available within KNOX appears to be able to address the previously published issue. Samsung should strongly encourage all of their users to take advantage of those mechanisms to avoid this and other common security issues.”

source: Samsung KNOX


About the Author: Jeff Causey
