Serious Vulnerabilities in Android affected Samsung Knox Security System


Several grave security issues have been found in Samsung Knox security system in Android smartphones. Just recently researchers Uri Kanonov and Avishai Wool from Tel Aviv University have revealed three serious Android vulnerabilities which have affected the security system of Samsung Knox which affects versions of Knox on Samsung’s older devices. Knox is an app designed by Samsung to be used by professionals so as to segregate work and play from their personal Samsung device and served as a container and a sandbox to keep different applications and data separate with security. When Samsung improved Knox security it sacrificed some of the components of security barrier making it more user-friendly, in order to keep up with the simple security solutions provided by its competitors, which later on leads to serious issues elaborated below in detail.
Vulnerabilities In Knox Security System

First Vulnerability

As described by the researchers the first vulnerability they both discovered in Knox 1.0 on Android 4.0 was ‘Weak eCrypt key generation’ which is based on the user password entry to Knox system. The encryption system was for both, for the Knox container as well as for any data located and stored in the SD card based on a 32-bytes AES key, but the vulnerability was actually in the mechanism that how this encryption is used. As Knox uses a seven character password but with the flaw in the use of encryption the feature can easily be attacked by cracking its encryption and the attacker can get the access to the data files stored in there.

Second Vulnerability

The second issue was related to the ‘shared certificate storage weakness’ in Android. The apps which are stored and saved in Knox use the same certificate store as the apps that are in outside the Knox in standard Android environment. Remote access could be established when Android allows third-party-certificates with users authorization and creates a VPN tunnel for security. If the user installs any malicious app by any untrusted developer which requires VPN permission then it can establish a dangerous tunnel between the attacker and your Android system which can lead to cyber theft and leak of all your confidential data.
Third Vulnerability
Third and the most serious security issue that was discovered by Kanonov and Wool is related not only to the Knox but also to the version 2.3 and up of Android Operating System. The security issue was with the service which was found corrupted named clipboardEX which is responsible for providing access to the data files stored in Knox as well as in Android clipboard and other servers connected to the service, so the attackers can easily access the files stored in both by sending suspicious and malicious codes which even doesn’t require users password due to no encryption.
How to Avoid such Vulnerabilities in your Android Device?
All these security flaws and vulnerabilities are serious and can cause irreparable damage not only to your Android device but also to your sensitive and confidential data stored in the device, but you can completely avoid such attacks and security issues by following some cautious tips and make them a routine;
1. Always use an Anti-virus and Anti-malware for your Android device.
2. Never install any app from the untrusted developer.
3. Use a high-end Android VPN service to safeguard your phone from all online security threats and attacks.

Leave a Reply