A security researcher has tossed a giant bucket of ice water on Samsung’s thumbs up from the NSA approving use of certain Galaxy devices within the agency. The NSA’s blessing, given under the agency’s Commercial Solutions for Classified Program, meant that the Samsung Galaxy 4, 5 and Galaxy Note 3 and Note 10.1 2014 Edition cleared a number of security stipulations and could be used to protect classified data.
The agency’s approval was also seen as a solid endorsement for Samsung’s Knox technology, which provides for separate partitions, or containers, on the Android devices in order to keep personal and business data from co-mingling. The containers have their own encrypted file systems as well, keeping secured apps separate from applications outside the container.
An unnamed researcher, however, on Thursday published a lengthy report that claims a PIN chosen by the user during setup of the Knox App is stored in clear text on the device. Specifically, a pin.xml file in the ContainerApp, stored on the device during setup, contains the unencrypted PIN.
The report goes on to explain that the PIN can be used to retrieve a password hint. If an attacker has access to the phone and can retrieve the PIN, he can use a “Password forgotten?” field to get a password hint that turns out to be the first and last character of the supposed secret code, in addition to the exact length of the password.
“So now it is pretty obvious that Samsung Knox is going to store your password somewhere on the device,” the report says. The researcher adds that he in fact found the encryption key in a container folder.