Industry News

Three Samsung KNOX Vulnerabilities Dropped by Israeli Researchers

Two Israeli researchers have recently found three vulnerabilities in Samsung’s KNOX involving the way its services are shared with user applications.

The vulnerabilities in Samsung’s enterprise containerization solution aimed at boosting BYOD data privacy have been dubbed CVE-2016-1919, CVE-2016-1920, and CVE-2016-3996. Although all three have been timely reported to Samsung and patches have been issued to address them, there’s still the issue of when affected device will receive them.

While the most affected version of KNOX was 1.0, the CVE-2016-3996] has also been successful on KNOX 2.3, running on Android 5.0, while the other devices were running Android 4.3. In all three scenarios, the implications involve an attacker either gaining access to the KNOX-protected data or being able to gain access to all traffic inside and outside the KNOX container.

“Our results emphasize the inherent and fundamental pitfalls in the secure container paradigm,” reads the research published by Uri Kanonov and Avishai Wool. “Finally, we contrast KNOX 1.0 with the most recent version of KNOX: we show how the latest KNOX improves security – while also making security sacrifices in favor of user satisfaction.”

While Samsung has already addressed these vulnerabilities, users are strongly encouraged to install the new upgrades and companies should start pushing the updates through MDM (Mobile Device Management) consoles.

“Devices that are KNOX capable can be updated via the Maintenance Release process. KNOX 1.0 containers will automatically upgrade to the newer KNOX 2.x technology when the update is applied,” reads the Samsung comment. “Updating a KNOX 1.0 device to support KNOX 2.x would involve upgrading its Android version to at least Android 4.4.”

About the author


Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.