Samsung Knox completely insecure and compromised.

Oh my, further into the article we see that they generate the encryption key using hard coded strings and the device ID.

What he ultimately discovered was that Knox simply uses the device's Android ID, a serial number any app can request from the system, "together with a hardcoded string and mix them for the encryption key. I would have expected from a product, called Knox, a different approach."
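
An added example, not part of the thread or the article: it shows why a key built only from the Android ID and a hardcoded string is reproducible by any other party holding the same two inputs, beside a derivation that needs a user secret. The SHA-256 "mix", the string, the sample ID, the password and all function names are assumptions made for illustration; the page does not give the real ones.

```python
import hashlib
import hmac
import os

# Constructed stand-ins: the page gives neither the real string nor the mixing step.
HARDCODED_STRING = b"constructed-hardcoded-string"
SAMPLE_ANDROID_ID = "0123456789abcdef"  # constructed 64-bit hex ID


def weak_key(android_id: str) -> bytes:
    """Key built only from the Android ID and a string shipped inside the app.

    SHA-256 over the concatenation is an assumed 'mix'; the result is the
    same for any deterministic function of these two non-secret inputs.
    """
    return hashlib.sha256(android_id.encode() + HARDCODED_STRING).digest()


def hardened_key(user_secret: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Key stretched from a secret only the user knows, with a random salt."""
    return hashlib.pbkdf2_hmac("sha256", user_secret.encode(), salt, iterations)


def reproducible_without_user(derive_owner, derive_other) -> bool:
    """True if a second party, holding no user secret, computes the same key."""
    return hmac.compare_digest(derive_owner(), derive_other())


def demo() -> dict:
    salt = os.urandom(16)  # stored beside the ciphertext; not secret
    return {
        # Both parties can read the Android ID and the string baked into the
        # app, so their inputs are identical and so is the key.
        "weak": reproducible_without_user(
            lambda: weak_key(SAMPLE_ANDROID_ID),
            lambda: weak_key(SAMPLE_ANDROID_ID),
        ),
        # The second party knows the salt and the device ID but not the
        # user's passphrase (constructed), so the keys differ.
        "hardened": reproducible_without_user(
            lambda: hardened_key("correct horse battery staple", salt),
            lambda: hardened_key(SAMPLE_ANDROID_ID, salt),
        ),
    }


if __name__ == "__main__":
    print(demo())
```
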
 
Well good thing I found it to be cumbersome and useless and decided against trying to get it to do what I wanted to do...
 
1. Consider the source of said article. Of course this is coming from Samsung's arch rival.
2. Any OS can be compromised.
3. You'll find positive & negative articles all over the web regarding the security of any device.... PCMAG

S5 tap'n
 
So what the researcher is saying (and this shill of an article fails to point out) is that to compromise Knox you first have to bypass a fingerprint scan, then bypass a pin code, then bypass a password to then attempt to access encrypted system files. Got it.


IsixedThat
Piece of cake!

Sent from my Note 4
 
So what the researcher is saying (and this shill of an article fails to point out) is that to compromise Knox you first have to bypass a fingerprint scan, then bypass a pin code, then bypass a password to then attempt to access encrypted system files. Got it.


IsixedThat
No, that isn't what it is saying at all.
 
So how do you access the plain text files that are wrapped in a security blanket of the items I mentioned above?


IsixedThat
 
So how do you access the plain text files that are wrapped in a security blanket of the items I mentioned above?


IsixedThat
Not sure why you are so focused on physical access. It will happen via a malicious app using the file encryption key that can be reversed very easily since it is now well known. IT Security is what I do man, this is game over for Knox until they fix it.
 
I'm not questioning your knowledge of security, I am genuinely interested as to how it would work.

Aren't Knox installed apps sandboxed? How will it leave the sandbox to get to the files?
 