Samsung is offering a special version of its Samsung IV Galaxy smartphone called Knox. Knox is targeted on the high end financial, business and government communities. Does Knox solve the problem of smartphone insecurity and significantly reduce risk for its users?
What is Knox: Knox is a partitioned mobile platform running two operating systems, one for personal use and one for enterprise use –the enterprise (private) side being within a “container.”
There are other Knox-like partitioned mobile platforms either in the market or entering the market coming from other vendors such as LG, Blackberry, etc. None of them have been around long enough to know how well they are engineered in relationship to multiple Android vulnerabilities and OS/Kernel weaknesses.
The Knox container has its own separate home screen, launcher, applications and widgets. All the data and applications stored in the container are said to be isolated. It is claimed that no application or process inside the container can interact or communicate with any process outside of it and vice-versa.
All files within the container are encrypted using the Advanced Encryption Standard (AES) cipher algorithm with a 256-bit key.
Knox features are (1) Customizable Secure Boot, (2) TrustZone-based Integrity Measurement Architecture (TIMA), and (3) Security Enhancements for Android. Secure boot, the company claims, is the Knox-enabled device’s first line of defense, ensuring that only verified and authorized software can run on the device bootup. TIMA monitors the kernel.
Knox depends on the user to carefully delineate use between partitions. Knox does not protect the public partition. Knox runs an APP store for the private side that provides safe APPS for Knox.
Problems with Knox
In the past two months there have been reports of vulnerabilities and flaws in the Knox system.
The latest report comes from the Ben Gurion University Cyber Security Laboratory in Israel. There two researchers Mordechai Guri and Dudu Mimran (the Security Laboratory Chief Technical Officer) claim that a hacker can easily intercept any data on the secure side of the Knox platform. The researchers also believe that professional hackers could actually modify the Knox platform, effectively compromising it by planting malware or spyware on the platform. In response a Samsung spokesperson said “Rest assured the core Knox architecture cannot be compromised or infiltrated by such malware.”
Until now, no one has explained how spyware, planted on the public side of the Knox platform, won’t seriously compromise the Knox user.
Researchers should look into two security problems that arise in a dual platform device.
The first problem is what happens if spyware is planted on the public side of the smartphone. This is the “open” platform that is generally unprotected. Spyware, or what is called a spy phone, can intercept literally any conversation and any transaction (email, text, video, photo) on the public side of the smartphone. Professional spy phones can activate a phone’s microphones and cameras without the knowledge of the user and even if the phone is switched off. Since among the data normally targeted by spy phones are calendars, the intruder knows when to activate the spy phone. When the intruder does this, either he can immediately stream the information secretly back to his web address, or alternatively he can store it in a hidden folder and stream it back later. In short, the user remains entirely vulnerable on the public side to spy phones and other malware.
The second problem revolves around the question of the use of hardware on Knox. A smartphone consists of numerous sensors and transmitting systems including cameras, microphones, Bluetooth, WIFI, voice and data radios, etc. When a Knox user is booted up on the private side of the phone, are the sensors and radios fully and securely controlled by the Knox platform? If not, then a spy phone or other malware on the public side can take information from these same sensors being used on the private side of the platform. This would facilitate spying on the private side as well as on the public side of the platform.
APPS for the private side of the Knox platform are controlled through a store run by Samsung. Experience with attempts to block malware on Android platforms by auditing APPS in places such as Google Store, have been less than successful. One anti-virus company reported this past summer that some 1,200 APPS on the Google store over a 7 month period were malware. And these are the easy ones to detect. Really sophisticated malware is often embedded in legitimate programs. Because of the plethora of APPS available today, and the diversity of sources (APP production is truly a global enterprise), finding the “bad” ones is a challenge. If we learned anything from anti-virus software, the “bad” stuff is usually found after many computers are already infected. When you think of the small universe of enterprise and government users of a product like Samsung, the risk is exponential if a “bad” APP or “bad” modified APP infects the smartphone.
No one really knows if Samsung will be any more successful than Google in protecting APPS, yet this protection is critical under the Knox scheme. If history shows us anything, one should not be optimistic or confident in the result.
The Knox system offers an effort at a serious security system for an Android platform. Other companies, such as LG and Blackberry, are working on the same thing. While the jury is still out on Knox, there is no doubt there are many problems. It is unlikely either the U.S. government or enterprise customers will, as Samsung says, “rest assured” that Knox is safe.