Will Verduzco · Jan 10, 2014 at 04:30 am

Samsung Responds to KNOX MitM Attack “Vulnerability”

About a month ago, we talked about a recent study (PDF) stating that most security vulnerabilities on Android are ultimately due to OEM customizations. And surprise, surprise—this can even happen on devices with technologies designed to protect users.

Late last month, security researchers at Israel’s Ben-Gurion University of the Negev discovered a security vulnerability that allowed a user-installed application to intercept unencrypted network traffic. Rather than describing this as a flaw or bug, Samsung labels the vulnerability a classic Man in the Middle (MitM) attack, which could be launched at any point on the network.

Samsung was also quick to state that this type of attack can be thwarted using existing KNOX technology (or the device-wide VPN support in stock Android):

Android development practices encourage that this be done by each application using SSL/TLS. Where that’s not possible (for example, to support standards-based unencrypted protocols, such as HTTP), Android provides built-in VPN and support for third-party VPN solutions to protect data. Use of either of those standard security technologies would have prevented an attack based on a user-installed local application.

KNOX offers additional protections against MitM attacks. Below is a more detailed description of the mechanisms that can be configured on Samsung KNOX devices to protect against them:

1.    Mobile Device Management — MDM is a feature that ensures that a device containing sensitive information is set up correctly according to an enterprise-specified policy and is available in the standard Android platform. KNOX enhances the platform by adding many additional policy settings, including the ability to lock down security-sensitive device settings.  With an MDM configured device, when the attack tries to change these settings, the MDM agent running on the device would have blocked them. In that case, the exploit would not have worked.

2.    Per-App VPN — The per-app VPN feature of KNOX allows traffic only from a designated and secured application to be sent through the VPN tunnel. This feature can be selectively applied to applications in containers, allowing fine-grained control over the tradeoff between communication overhead and security.

3.    FIPS 140-2 — KNOX implements a FIPS 140-2 Level 1 certified VPN client, a NIST standard for data-in-transit protection along with NSA suite B cryptography. The FIPS 140-2 standard applies to all federal agencies that use cryptographically strong security systems to protect sensitive information in computer and telecommunication systems.  Many enterprises today deploy this cryptographically strong VPN support to protect against data-in-transit attacks.

Now before we start bashing Samsung’s KNOX technology more than necessary, let’s remember that these kinds of attacks can affect non-KNOX devices as well. Furthermore, sending personal data in unencrypted form is simply asking for trouble. If anything, this should serve as a reminder to use encrypted transfers and connections whenever possible and to be wary about where we store and input our data.

[Source: Samsung KNOX Blog | Via AndroidPolice]


_________
Want something on the XDA Portal? Send us a tip!

Will Verduzco

willverduzco is an editor on XDA-Developers, the largest community for Android users. Will Verduzco is the Portal Administrator for the XDA-Developers Portal. He has been addicted to mobile technology since the HTC Wizard. But starting with the Nexus One, his gadget love affair shifted to Google's little green robot. He is also a Johns Hopkins University graduate in neuroscience and is now currently studying to become a physician. View willverduzco's posts and articles here.
Mario Tomás Serrafero · Jul 6, 2015 at 12:49 pm · 13 comments

Which OEM Would You Like to Help?

Most manufacturers have moments of greatness and moments of decadence, and in the past few years we've some of our favorite companies' tables turned. Some are stagnating, some are struggling, some lack direction. Despite this, we often hold them dear to our hearts. Many of them could use a hand, be it with design, marketing, or other tasks. If you could help out an OEM and take it back to its golden days, which one would it be?

DISCUSS
Aamir Siddiqui · Jul 6, 2015 at 11:03 am · 5 comments

Root T-Mobile S6/Edge on 5.1.1 Without Tripping Knox

If you purchase phones from a carrier, you may be no stranger to the difficulties involved in rooting and installing a custom rom, recovery and kernel on such a carrier locked device. Add to this the extra layer of security that Samsung adds in the form of the Knox counter on its devices, and one can only imagine the roadblocks for enthusiasts who want to play around with their device without losing warranty in the process. It's a slippery slope...

XDA NEWS
Jimmy McGee · Jul 6, 2015 at 06:00 am · 5 comments

IonVR Coming Soon, HTC M9 Dev Edition Gets Android 5.1 – XDA TV

The HTC M9 Developer Edition has received Android 5.1. That and much more news is covered by Jordan when he reviews all the important stories from this week. Included in this week's news is the announcement of IonVR and be sure to check out the article talking about the OnePlus Cardboard price (Hint, it's free). That's not all that's covered in today's video! Jordan talks about the other videos released this week on XDA TV. XDA TV Producer TK released an...

XDA NEWS
Share This