14 DAY TRIAL // Uri Kanonov and Avishai Wool, two researchers from Tel Aviv University, have discovered three vulnerabilities in Samsung's KNOX platform, a collection of tools meant to separate working spaces on Samsung devices running on the Android operating system.
Mainly used in BYOD (Bring Your Own Device) corporate environments, Samsung KNOX works by adding a toggle on the user's screens that allows them to switch between a work screen and a personal one.
Samsung claims that KNOX's work environment comes with a collection of tools that work on top of Android's already existing security measures, to fill the gap and provide a much more hardened workspace for its corporate users.
According to Samsung's KNOX brochure, the platform's key features include Secure Boot, Trusted Boot, ARM TrustZone-based Integrity Measurement Architecture (TIMA), Security Enhancements for Android (SE for Android), and TrustZone-based Security Services.
Flaws allow VPN MitM, clipboard leakage, user password corruption
Because KNOX is a closed source platform, the two Israeli security researchers embarked on a project to map out KNOX's features, in order to get a better view of how the platform works.
During their research, the two discovered three severe security issues, of which they notified Samsung, and the company moved to fix them with KNOX's latest release.
The first issue, CVE-2016-1919, relates to the usage of weak encryption for user passwords on KNOX 1.0 on Android 4.3 devices.
The second, CVE-2016-1920, allows for MitM (Man-in-the-Middle) attacks on VPN connections thanks to a shared certificate store, affecting devices running KNOX 1.0 on Android 4.3.
The last, CVE-2016-3996, enables attackers to leak data from the secure KNOX clipboard and affects KNOX 1.0 through 2.3 on multiple Android versions.
The researchers say they tested the vulnerabilities only on a limited set of devices and KNOX versions, and the best course of action for KNOX users would be to update to the latest version. The first two issues can be mitigated by updating to KNOX 2.x.
A guide to finding out what KNOX version you have installed
For Samsung devices running Android 5.0+:
Step 1: On the home screen, tap Apps > Settings. Step 2: Tap About Device. Step 3: The device version number is listed under KNOX version.
For Samsung devices running Android 4.4.4 or older:
Step 1: In the KNOX container, go to Samsung KNOX Settings. (In KNOX 2.0, this is in the Apps area. In KNOX 1.0, tap the left softkey.) Step 2: Tap About KNOX.
