After gaining U.S. government approval, Samsung Knox security for Android found to be ‘completely compromised’

“Samsung ships its Knox software on the company’s higher-end Android-based Galaxy smartphones, phablets and tablets, aimed at enabling sales to enterprise and government clients who have sensitive security needs, in a bid to take on Apple’s extensive lead in enterprise sales,” Daniel Eran Dilger reports for AppleInsider.

“Two days ago, Samsung announced that the U.S. government had approved a series of new devices ‘for use with classified government networks and data. All devices and capabilities incorporate security features powered by Samsung KNOX,’ and were added to the ‘Commercial Solutions for Classified (CSfC) Program Component List,'” Dilger reports. “The company’s chief executive JK Shin stated in a press release that ‘the inclusion of Samsung mobile devices on the CSfC list proves the unmatched security of Samsung Galaxy devices supported by the KNOX platform.'”

Dilger reports, “Earlier today, however, a software researcher published findings showing that Samsung’s Knox app stores the user’s password ‘hint’ PIN in plain text on the device… Samsung’s Knox security layer for Android generates weak encryption keys, stores passwords locally and gives users login hints in a fatal ‘security by obscurity’ design ‘compromising the security of the product completely,’ a researcher has detailed.”

Read more in the full article here.

MacDailyNews Take: Somebody has to be on the take.

By SteveJack

U.S. Government Intelligence. The oxymoron that keeps on giving.

Why would the U.S. government choose an insecure mobile operating system on devices from a South Korean convicted infringer of a U.S. company’s patented intellectual property over said U.S. company’s vastly more secure products?

Could it be due to the fact that Google has already inserted some U.S. National Security Agency (NSA) code into Android while Apple does not accept code from any government agencies for any of their operating systems or any other products?

Nah, couldn’t be. That doesn’t make any sense at all. I must be craaazzzy!

I long for a simpler time. A saner time. A time when rewarding foreign companies that have been convicted of repeatedly and blatantly stealing intellectual property from U.S. companies with contracts financed with U.S. taxpayer money would be utterly unthinkable, not rubber-stamped.

Along with U.S. taxpayers who value their hard-earned money, any U.S. representative worth his or her salt should be livid right about now. That only one or two might be (if we’re even that lucky), is a pitiful testament to the absolutely clueless, generally moronic, and largely worthless dreck that fouls the houses of the U.S. Congress today.

Will some U.S. Congressperson or Senator finally luck out and stumble into a clue, then stand up and ask WTF is really going on here?

If not, a plague on both your houses, you unpatriotic fools.

U.S. citizens, contact your U.S. congressperson here.

SteveJack is a long-time Macintosh user, former web designer, multimedia producer and a regular contributor to the MacDailyNews Opinion section.

[Thanks to MacDailyNews Reader “Steve Krischer” for the heads up.]

Related articles:
U.S. Government approves Samsung Galaxy devices for classified use – October 22, 2014
Samsung Android-based Knox security suite contains serious security flaw – December 27, 2013
Google has already inserted some U.S. NSA code into Android – July 10, 2013
‘World’s most secure Android Phone’ hacked in under 5 minutes at DefCon Hacking Conference – August 12, 2014
Surveillance companies hate Apple’s impenetrable iPhones, iPads; Android infinitely more exploitable than iOS – August 12, 2014
Crucial security flaw found in Google Play: Thousands of secret keys found in Android apps – June 19, 2014
With iOS 8, Apple makes iOS even more secure ahead of smartphone security competition – June 10, 2014
iOS 8′s extensions explained: Opening the platform while keeping it secure – June 9, 2014
New iOS 8 feature lets users cloak their iPhones from tracking by retailers, marketers, other companies – June 9, 2014
New malware takes Android phones hostage, demands ransom for unlock – June 5, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013
FBI issues warning over Android malware attacks – October 15, 2012
Researchers discover serious flaw in Android app security, say HTC and Samsung ignore issue – September 28, 2012
Apple’s iPhone has passed a key security threshold – August 13, 2012
Android permissions flaw allows eavesdropping, data theft, location tracking – December 2, 2011
Massive HTC Android security flaw leaves security expert speechless – October 2, 2011
Apple’s iOS unaffected by malware as Android exploits surge 76% – August 24, 2011
Android malware records phone calls; iPhone users unaffected – August 2, 2011
Symantec: Apple iOS offers ‘full protection,’ Google Android ‘little protection’ vs. malware attacks – June 29, 2011
Malware apps spoof Android Market to infect Android phones – June 21, 2011
Google forced to pull several malware-infested apps from Android market – June 8, 2011
Android malware sees explosive growth; even faster than with PCs – April 27, 2011
Virus-laden apps infest Google’s ‘open’ Android platform; iPhone unaffected – March 3, 2011
Security firm warns of new Android trojan that can steal personal information; iPhone unaffected – December 30, 2010
Trojan infects Android smartphones; iPhone unaffected – August 10, 2010
Millions of Android phone users slammed by malicious data theft app – July 29, 2010
Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 4, 2010
Malware designed to steal bank information pops up in Google’s Android app store – January 11, 2010

35 Comments

    1. Obviously, you are all xenophobic S.O.B.s. There is absolutely no truth to these rumors and assertions! Be civil. And give Samsung a free pass. /sarcasm

  1. Who was the idiot that signed off on the final determination to approve Samsung devices for sensitive communications? We’ll probably never know. But that would be a REAL story worth reading.

  2. How could the U.S. government approve an insecure POS like Samsung devices? Three possible explanations spring to mind.

    1. As MDN notes, someone is on the take.
    2. The NSA wants to keep tabs on its government comrades to keep them in line.
    3. Our government is full of incompetent idiots.

    Hard to choose the most likely possibility.

  3. Maybe the US Gov used the same clearance firm that vetted Edward Snowden, once again demonstrating the viability of the privatization as a solution to inefficiency. Admittedly it does efficiently move money from the taxpayer to the fat cat friends of the politicians and high level deciders. One trend worth noting – the slope of the downward trends of the quality of decisions in all 3 branches of the US government is increasing.

    1. In an article about the insecurity of a private company, you are arguing that the government should do more privatization?

      Successful companies do better than the government.
      Failed companies do a lot worse.
      Arguments for privatization have to be prepared for the latter to happen, not just the former.

      1. I think it’s pretty clear that SeanD was saying that privatization is generally a bad idea. He agrees with you.

        I also think your final point is a VERY good one: that privatization may sometimes result in better solutions than public agencies provide, but will also increase the number of catastrophic outcomes. For the kinds of things government provides (a base-line stable society), inefficiency is definitely worth having reliability.

  4. Why doesn’t this headline have any impact on their stock? WTF… it’s up +1.65% If this was an Apple headline it would be a totally different story. Wake up Wall Street and dole out the punishment! Or is it not worth filling your pockets?

  5. Just because it’s been added to the procurement list, doesn’t mean Government employees are going to buy it. It would be interesting to see the figures for actual US Government Procurement sales a fiscal quarter from now.

  6. Q: Was it obvious that Knox would turn out to be either security swiss cheese OR a total fraud?

    A: YES.

    #MyStupidGovernment at work.

    Now the question: Is this gross technological incompetence? Or is this entirely deliberate?

    Also: WHO is the incompetent party OR who deliberately made this software worthless cack? Could it be BOTH parties involved? –Wouldn’t that be a show stopper?

    1. I vote for incompetence. Why would the government allow that information to be released if it was intentional?

      Then again, just because the government supposedly approved Samsung devices for secure work doesn’t mean it will actually use Samsung devices. I sure as hell hope they don’t!

      1. Earlier, I hadn’t realized that Apple gear was also on their purchases list. Excellent. As always, I appreciate competition within any choice situation. But I do very much hope the Knox infested crap is removed from the list as we know full well someone is going to buy the Samsung gear and get screwed for their bad, uninformed choice. I’d like my government to offer smart choices, with no option of buying utter crap.

  7. Not one damned thing will be done about this, and what’s more, the government will keep going with this contract, and totally ignore common sense. I don’t think that they should be buying anything from foreign vendors over American vendors unless they were the only source of the products needed.

  8. Here’s an interesting twist in the catastrophic history of Samsung gear security:

    Samsung Turns to BlackBerry for Better Security

    …BlackBerry announced on Thursday that Samsung would use server and phone management software as well as BlackBerry’s unique global network to improve security for Android phones and tablets aimed at government users….

    Looking back on his first year at BlackBerry, Mr. Chen recalled that he once “unwisely” told a reporter that his wife used a Samsung Android phone.

    “Now I feel somewhat redeemed,” he said.

    Two cuckoo birds in the bush. I’ll keep Apple in my hand, thank you.
