Knocking Knox: Samsung DENIES vuln claims, says mysterious blogger is a JOKER

A damning security critique against Samsung's US government-approved Knox system has been dismissed by the South Korean tech giant. Earlier this week, Knox was given the green light for use on classified Stateside government networks and data. Samsung had become the "first consumer mobile device manufacturer validated to …

  1. Anonymous Coward

    Of course it's full of holes...

    "Samsung's US government-approved Knox system"

    I may be alone with this, but I think that in order to get US government approval, a system MUST have holes. Wouldn't want to make the NSA's job harder than necessary on their home turf, right?

    </no_longer_a_conspiracy_theory>

  2. Mage Silver badge

    Re: MUST have holes

    Only for ordinary consumers.

    Bruce Schneier explains well in a recent newsletter why government wouldn't want "backdoors" in their own stuff and why it's pretty silly for NSA to want them in stuff for ordinary consumers. Assume that whatever NSA can do, someone else can do.

  3. Dan 55 Silver badge
    Facepalm

    "using a password and PIN that was subsequently written into a "pin.xml" file in cleartext"

    That's the Samsung we all know and love. Why keep the PIN in a separate process in an encrypted area of memory which isn't ever paged out and use a call to the process to compare a user-entered PIN with the encrypted stored PIN when you can write it straight to a file in plain text?

    1. BristolBachelor Gold badge

      Re: "using a password and PIN that was subsequently written into a "pin.xml" file in cleartext"

      But presumably "automount" means that the user doesn't want to/need to enter it (similar to the auto login account name and password being stored in clear text in the Windows registry).

      1. Dan 55 Silver badge

        Re: "using a password and PIN that was subsequently written into a "pin.xml" file in cleartext"

        I don't think it matters if it's automounted or not, there's only one 'secure' container in Knox anyway.

        Samsung say "access to this key is strongly controlled", presumably part of that strong control includes the pin.xml bodge.

  4. Burke
    WTF?

    unbelievable and irresponsible

    "incorrect for Knox enterprise solutions"

    What about their consumer version?

  5. channel extended
    Coat

    Knox Knox

    Sounds more like Fred Knox than Fort Knox.

  6. Anonymous Coward

    False flag?

    US government "approves" it for internal use, hoping everyone thinks "it must be pretty secure", then NSA has easy pickings spying on everyone using it due to the numerous Swiss-cheese-like holes in it.
