After gaining U.S. government approval, Samsung Knox security for Android found to be ‘completely compromised’

“Samsung ships its Knox software on the company’s higher-end Android-based Galaxy smartphones, phablets and tablets, aimed at enabling sales to enterprise and government clients who have sensitive security needs, in a bid to take on Apple’s extensive lead in enterprise sales.,” Daniel Eran Dilger reports for AppleInsider. “”

“Two days ago, Samsung announced that the U.S. government had approved a series of new devices ‘for use with classified government networks and data. All devices and capabilities incorporate security features powered by Samsung KNOX,’ and were added to the ‘Commercial Solutions for Classified (CSfC) Program Component List,'” Dilger reports. “The company’s chief executive JK Shin stated in a press release that ‘the inclusion of Samsung mobile devices on the CSfC list proves the unmatched security of Samsung Galaxy devices supported by the KNOX platform.'”

Dilger reports, “Earlier today, however, a software researcher published findings showing that Samsung’s Knox app stores the user’s password “hint” PIN in plain text on the device… Samsung’s Knox security layer for Android generates weak encryption keys, stores passwords locally and gives users login hints in a fatal ‘security by obscurity’ design ‘compromising the security of the product completely,'” a researcher has detailed.”

Read more in the full article here.

MacDailyNews Take: Somebody has be on the take.

By SteveJack

U.S Government Intelligence. The oxymoron that keeps on giving.

Why would the U.S. government choose an insecure mobile operating system on devices from a South Korean convicted infringer of a U.S. company’s patented intellectual property over said U.S. company’s vastly more secure products?

Could it be due to the fact that Google has already inserted some U.S. National Security Agency (NSA) code into Android while Apple does not accept code from any government agencies for any of their operating systems or any other products?

Nah, couldn’t be. That doesn’t make any sense at all. I must be craaazzzy!

I long for a simpler time. A saner time. A time when rewarding foreign companies that have been convicted of repeatedly and blatantly stealing intellectual property from U.S. companies with contracts financed with U.S. taxpayer money would be utterly unthinkable, not rubber-stamped.

Along with U.S. taxpayers who value their hard-earned money, any U.S. representative worth his or her salt should be livid right about now. That only one or two might be (if we’re even that lucky), is a pitiful testament to the absolutely clueless, generally moronic, and largely worthless dreck that fouls the houses of the U.S. Congress today.

Will some U.S. Congressperson or Senator finally luck out and stumble into a clue, then stand up and ask WTF is really going on here?

If not, a plague on both your houses, you unpatriotic fools.

U.S. citizens, contact your U.S. congressperson here.

SteveJack is a long-time Macintosh user, former web designer, multimedia producer and a regular contributor to the MacDailyNews Opinion section.

[Thanks to MacDailyNews Reader “Steve Krischer” for the heads up.]

Related articles:
U.S. Government approves Samsung Galaxy devices for classified use – October 22, 2014

Samsung Android-based Knox security suite contains serious security flaw – December 27, 2013
Google has already inserted some U.S. NSA code into Android – July 10, 2013

‘World’s most secure Android Phone’ hacked in under 5 minutes at DefCon Hacking Conference – August 12, 2014
Surveillance companies hate Apple’s impenetrable iPhones, iPads; Android infinitely more exploitable than iOS – August 12, 2014
Crucial security flaw found in Google Play: Thousands of secret keys found in Android apps – June 19, 2014
With iOS 8, Apple makes iOS even more secure ahead of smartphone security competition – June 10, 2014
iOS 8′s extensions explained: Opening the platform while keeping it secure – June 9, 2014
New iOS 8 feature lets users cloak their iPhones from tracking by retailers, marketers, other companies – June 9, 2014
New malware takes Android phones hostage, demands ransom for unlock – June 5, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013
FBI issues warning over Android malware attacks – October 15, 2012
Researchers discover serious flaw in Android app security, say HTC and Samsung ignore issue – September 28, 2012
Apple’s iPhone has passed a key security threshold – August 13, 2012
Android permissions flaw allows eavesdropping, data theft, location tracking – December 2, 2011
Massive HTC Android security flaw leaves security expert speechless – October 2, 2011
Apple’s iOS unaffected by malware as Android exploits surge 76% – August 24, 2011
Android malware records phone calls; iPhone users unaffected – August 2, 2011
Symantec: Apple iOS offers ‘full protection,’ Google Android ‘little protection’ vs. malware attacks – June 29, 2011
Malware apps spoof Android Market to infect Android phones – June 21, 2011
Google forced to pull several malware-infested apps from Android market – June 8, 2011
Android malware sees explosive growth; even faster than with PCs – April 27, 2011
Virus-laden apps infest Google’s ‘open’ Android platform; iPhone unaffected – March 3, 2011
Security firm warns of new Android trojan that can steal personal information; iPhone unaffected – December 30, 2010
Trojan infects Android smartphones; iPhone unaffected – August 10, 2010
Millions of Android phone users slammed by malicious data theft app – July 29, 2010
Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 4, 2010
Malware designed to steal bank information pops up in Google’s Android app store – January 11, 2010

35 Comments

    1. Obviously, you are all xenophobic S.O.B.s . There is absolutely no truth to these rumors and assertions! Be civil. And give Samsung a free pass. /sarcasm

  1. Who was the idiot that signed off on the final determination to approve Samsung devices for sensitive communications? We’ll probably never know. But that would be a REAL story worth reading.

  2. How could the U.S. government approve an insecure POS like Samsung devices? Three possible explanations spring to mind.

    1. As MDN notes, someone is on the take.
    2. The NSA wants to keep tabs on its government comrades to keep them in line.
    3. Our government is full of incompetent idiots.

    Hard to choose the most likely possibility.

Add Your Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.