I made a small post a while back talking about the security of Android and saying how many would profit from bad allegations brought against the default security: the competition, and not only them. If you’ve missed that post, just click here to go to it, but only if you want to of course. Anyway, Samsung is apparently one of those who profit from such allegations, as they have security software of their own: Samsung Knox.
Now this Samsung Knox security software has been continuously gaining popularity in the business world. The app itself was looking good and it showed a lot of promise. Heck, even the US Department of Defense was considering giving Knox-protected Galaxy S4 units to their staff, but things went a bit awry. Researchers at the Ben Gurion University of the Negev in Israel discovered a somewhat serious vulnerability in this program.
According to these researchers, this issue not only exposes critical email and communication data, but also allows hackers to insert malicious code with its aid. As was to be expected, Samsung went ahead and hastily denied all accusations, but also started an investigation of their own.
The investigation has recently concluded, and Samsung was indeed able to verify the exploit and intercept critical data. As it turns out, this is not an error of the program itself, but rather a man-in-the-middle attack, made possible by an omission while configuring the Knox security feature on the user’s side.
Nevertheless, Samsung did offer a few solutions and tips on how to avoid said problem. These tips will be sent to Knox users as messages as well. I’ll go ahead and post the short version of these tips:
- Mobile Device Management: this feature, available in the standard Android platform, ensures that a device containing sensitive information is set up correctly according to an enterprise-specified policy. Knox enhances the platform by adding some policy settings of its own, including the ability to lock down security-sensitive device settings. With MDM configured on the device, when the attack tried to change these settings, the MDM agent running on the device would have blocked the change. In that case, the exploit wouldn’t have worked.
- Per-App VPN: the per-app VPN feature of Knox allows only traffic from a designated and secured app to be sent through the VPN tunnel. This feature can be selectively applied to apps in containers, allowing fine-grained control over the trade-off between communication overhead and security.
- FIPS 140-2: the Samsung Knox program implements a VPN client certified to FIPS 140-2 Level 1, a NIST standard for data-in-transit protection, along with NSA Suite B cryptography. The aforementioned FIPS 140-2 standard applies to all federal agencies that use cryptographically strong security systems to protect sensitive information in computer and telecommunication systems. Nowadays, many enterprises deploy this type of strong VPN support to protect against data-in-transit attacks.
So, in conclusion, there’s not really too much you should be worried about. As it turns out, a properly configured Knox-secured device can keep your data pretty much secure. I wouldn’t necessarily go as far as to say it’s Fort Knox secured, but the name is pretty relevant nonetheless.