Android security a joke

Android has never had a big reputation for security, but Samsung’s Knox, which has been certified by the NSA for government use and which is being adopted by Google as their standard solution in Android L, was meant to fix it.

Now a security researcher has revealed that the secure container, which was meant to have a separate partition for corporate data with its own encryption, stores its PIN in plain text, available for anyone to read after rooting the device.

The unnamed researcher suggests passwords should never be stored on a device like this, and that in generating the encryption key Samsung simply used Security by Obscurity, saying:

“Samsung really tried to hide the functionality to generate the key, following the security by obscurity rule,” the report says. “In the end it just uses the Android ID together with a hardcoded string and mix them for the encryption key. I would have expected from a product, called Knox, a different approach.”
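To make the criticism concrete, here is an added sketch (not Samsung's code and not from the report) that contrasts a key built only from a device ID and a hardcoded string with a key derived from the user's PIN, where only a salted verifier is stored. The constant, the sample Android ID, the SHA-256 "mix" step and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample values; not taken from any real device or from Knox.
HARDCODED = b"example-constant-in-app-binary"
ANDROID_ID = b"0123456789abcdef"


def weak_key(android_id: bytes) -> bytes:
    """Pattern the report criticises: key = mix(device ID, hardcoded string).

    SHA-256 stands in for the undisclosed mixing step (assumption). No user
    secret is involved, so anyone who can read both inputs gets the same key.
    """
    return hashlib.sha256(android_id + HARDCODED).digest()


def _stretch(pin: str, salt: bytes, iterations: int) -> bytes:
    # 64 bytes: first half verifies the PIN, second half is the data key.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations, dklen=64)


def enroll(pin: str, iterations: int = 200_000) -> dict:
    """Hardened enrolment: store salt and verifier, never the PIN or the key."""
    salt = os.urandom(16)
    master = _stretch(pin, salt, iterations)
    return {"salt": salt, "iterations": iterations, "verifier": master[:32]}


def unlock(record: dict, pin: str):
    """Return the 32-byte data key if the PIN matches, otherwise None."""
    master = _stretch(pin, record["salt"], record["iterations"])
    if not hmac.compare_digest(master[:32], record["verifier"]):
        return None
    return master[32:]


if __name__ == "__main__":
    print("weak key, same for every caller:", weak_key(ANDROID_ID).hex())
    rec = enroll("4821")
    print("stored fields:", sorted(rec))
    print("wrong PIN unlocks:", unlock(rec, "0000") is not None)
```

A short PIN can still be guessed offline from the stored verifier, so key stretching only raises the cost; binding the key to a hardware-backed keystore is what limits guessing on a rooted device.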

Google’s inability to secure Android explains why the OS is still behind iOS in enterprise, even while owning 85% of the smartphone market. It is also a weakness Microsoft has been able to exploit in growing Windows Phone’s market share in the same enterprise arena. Hopefully long will it continue.

Read more at Threatpost.com
