A few weeks ago we wrote about Samsung Knox, the Korean phone maker's enterprise mobile security solution, and its history of vulnerabilities and successful attacks against it. We noted that the main problem, even in newer versions where those bugs are fixed, is that Knox sacrifices security in favor of user convenience, so anyone looking for real security should look elsewhere. To illustrate that point further, we decided to compare it against our own Secure Phone.
Let's start with what Knox does well. With this platform, Samsung targets enterprises that have bring your own device (BYOD) policies for their employees, either because work follows them outside the office or because it is more convenient for them to use their personal smartphones for work. This is a security risk because companies usually have no control over what employees do with their devices, which apps they install on them, or whether they use them to communicate only over trusted networks.
How Knox solves some BYOD-related risks
Knox gives enterprises back control by partitioning people's phones into a personal and a work environment. The personal one is your regular Android, controlled by the user. The work environment is the set of apps and files inside the Knox platform, which acts as an encrypted container within the OS and can be remotely controlled by the enterprise.
IT can remotely install and uninstall apps on your phone, enforce user policies and so on. This way an employee can't install a harmless-looking but actually malicious app that sends, for example, contacts or copies of text messages to a third party.
It is not unlike the control we offer for Secure Phone via our Secure Phone Administration System (SAS). Control over apps and policies is part of security and a step in the right direction. Knox, however, stops pretty much at this stage, while we have decided to go much further and deeper.
How does Samsung Knox compare to Secure Phone
OK, let's compare Secure Group's flagship product, the Secure Phone, to Samsung Knox 2.6, to illustrate the extra layers of security and the reduced attack surface that a real mobile security solution provides.
- Remote control over the device. Secure Group offers it to its clients via SAS, and Knox does something similar through its Knox Workspace solutions.

Enterprise app control

| | Secure Phone | Samsung Knox |
|---|---|---|
| Mobile device management | Yes (via SAS, covers the whole device) | Yes (via Knox Workspace, limited to the container) |

The difference is that with SAS you control the whole Secure Phone, while control over a Knox user's phone is limited to the data inside the Knox container. Potential attack surfaces such as Google services and web browsing are left running unmanaged outside of it, with all the resulting security complications.
- Customized OS. Knox runs on a regular Android OS, while for Secure Phone we took the Android code, dissected it and removed everything that could pose a threat. Both Knox and Secure Phone prevent unauthorized bootloaders and kernels from being loaded onto the device. And both offer encrypted lockdown, only ours extends to the whole device while Knox's covers only the container.

OS level protection

| | Secure Phone | Samsung Knox |
|---|---|---|
| Custom bootloader | Yes | Yes |
| Encrypted device | Yes (whole device) | Container only |
| Encrypted storage lockdown | Yes (whole device) | Container only |
From this point on we began to take Android apart and build Secure OS. For Secure Phone we used HTC One M8 and LG Nexus 5 devices, because they are built on Qualcomm's Snapdragon 800-series chipset (the 801 in the M8, the 800 in the Nexus 5), which allowed us to flash Secure OS and then re-lock the bootloader. This wasn't possible with Samsung devices because their bootloaders are not open in the same way.
We have tweaked the system's kernel and removed the drivers for the parts of your device that expose attack surface.
Drivers removed from kernel

| | Secure Phone | Samsung Knox |
|---|---|---|
| Camera | Removed | Present (stock Android kernel) |
| Wi-Fi | Removed | Present (stock Android kernel) |
| USB | Removed | Present (stock Android kernel) |
| NFC | Removed | Present (stock Android kernel) |
| Bluetooth | Removed | Present (stock Android kernel) |
For example, we have removed the camera driver. This way, even if your device is compromised, say by malware delivered through a man-in-the-middle (MitM) attack, and someone tries to use your camera to spy on you, they won't be able to, because there is no driver to talk to. At the same time, if you think this is too much, you are free to enable the camera and install its driver via SAS. You have the control.
- Custom application framework. Things like push notifications and location tracking, which are the essence of Google services, are cool and convenient. But they are also a wide-open door for possible exploits. We don't have to explain why your phone always knowing and broadcasting your location might be a problem, do we? This is why we blocked location tracking completely at the OS level.
Modifications to application framework

| | Secure Phone | Samsung Knox |
|---|---|---|
| No notification manager | Yes | No (stock Android framework) |
| No location manager | Yes | No (stock Android framework) |
| No telephony manager | Yes | No (stock Android framework) |
| Custom Content Provider | Yes | No (stock Android framework) |
The notification manager is also a door for attacks: it relies on a cloud service to push notifications to your phone, and that same channel can be used by attackers to reach into it. We also removed the telephony manager because it exposes the phone's IMEI number, which, if leaked, can be used to track the device or to impersonate it. We disabled it and made calls possible only via Secure Voice, our encrypted voice over IP (VoIP) app. And we tweaked the Android content provider mechanism so that an app can access data only through its own Android Application Package (APK), which means third-party apps cannot collect data from other apps.
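The page describes the restriction at the framework level, across the whole OS. For readers who want to see what the same idea looks like for a single app, here is an added example (not Secure Group's or Samsung's code) in the form of an Android manifest: a content provider that any app on the device can query, beside the hardened forms that limit access to the app's own package or to apps signed with the same key. The package name `com.example.notes`, the provider class, the authority and the permission name are hypothetical; the three `<provider>` entries are alternatives shown side by side, and a real manifest keeps only one of them.

```xml
<!-- Added example, not code from the original post. Names are hypothetical. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">

    <application android:label="Notes">

        <!-- Weak: exported with no permission. Any other app on the device can
             query content://com.example.notes.provider/... through the
             content resolver and read this app's data. -->
        <provider
            android:name=".NotesProvider"
            android:authorities="com.example.notes.provider"
            android:exported="true" />

        <!-- Hardened: not exported. Only code running inside this package
             (this APK) can reach the provider; other apps get a
             SecurityException. -->
        <provider
            android:name=".NotesProvider"
            android:authorities="com.example.notes.provider"
            android:exported="false" />

        <!-- Alternative when another app from the same vendor legitimately
             needs the data: guard the provider with a signature-level
             permission. Only apps signed with the same key as this one can
             hold it, so unrelated third-party apps are still locked out. -->
        <provider
            android:name=".NotesProvider"
            android:authorities="com.example.notes.provider"
            android:exported="true"
            android:readPermission="com.example.notes.permission.READ_NOTES"
            android:writePermission="com.example.notes.permission.WRITE_NOTES" />

    </application>

    <!-- The signature-level permissions used by the third variant. -->
    <permission
        android:name="com.example.notes.permission.READ_NOTES"
        android:protectionLevel="signature" />
    <permission
        android:name="com.example.notes.permission.WRITE_NOTES"
        android:protectionLevel="signature" />

</manifest>
```

Note that on Android the default value of `android:exported` for a provider has changed over time (it defaulted to true on old API levels), so stating it explicitly is the only safe choice. The same applies to splitting read and write permissions: an app that only needs to display notes should not be granted the ability to alter them.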
- End-to-end encryption. This is the cornerstone of secure communications nowadays. Encryption ensures that even if your correspondence is intercepted, it is incomprehensible to the eavesdropper. Knox ships with no encrypted communication apps by default, although they can be installed. Secure Phone comes with our encrypted communications app suite, Secure Pack, preinstalled. It features apps for email, chat and VoIP, all using strong, current encryption protocols.
End-to-end encrypted communication

| | Secure Phone | Samsung Knox |
|---|---|---|
| Email | Yes (Secure Pack, preinstalled) | Not by default |
| Chat | Yes (Secure Pack, preinstalled) | Not by default |
| Voice | Yes (Secure Pack, preinstalled) | Not by default |
There's more, but you probably get the picture by now. The difference between Samsung Knox and a security-first device like Secure Phone is that Knox is an add-on to a normal device, intended to fix one particular problem, while Secure Phone is built for security from the ground up.