Three Samsung KNOX Vulnerabilities Dropped by Israeli Researchers

Two Israeli researchers have recently found three vulnerabilities in Samsung’s KNOX involving the way its services are shared with user applications.

The vulnerabilities in Samsung’s enterprise containerization solution aimed at boosting BYOD data privacy have been dubbed CVE-2016-1919, CVE-2016-1920, and CVE-2016-3996. Although all three have been timely reported to Samsung and patches have been issued to address them, there’s still the issue of when affected device will receive them.

While the most affected version of KNOX was 1.0, the CVE-2016-3996] has also been successful on KNOX 2.3, running on Android 5.0, while the other devices were running Android 4.3. In all three scenarios, the implications involve an attacker either gaining access to the KNOX-protected data or being able to gain access to all traffic inside and outside the KNOX container.

“Our results emphasize the inherent and fundamental pitfalls in the secure container paradigm,” reads the research published by Uri Kanonov and Avishai Wool. “Finally, we contrast KNOX 1.0 with the most recent version of KNOX: we show how the latest KNOX improves security – while also making security sacrifices in favor of user satisfaction.”

While Samsung has already addressed these vulnerabilities, users are strongly encouraged to install the new upgrades and companies should start pushing the updates through MDM (Mobile Device Management) consoles.

“Devices that are KNOX capable can be updated via the Maintenance Release process. KNOX 1.0 containers will automatically upgrade to the newer KNOX 2.x technology when the update is applied,” reads the Samsung comment. “Updating a KNOX 1.0 device to support KNOX 2.x would involve upgrading its Android version to at least Android 4.4.”