Thursday, March 7, 2013

Samsung KNOX - security by obscurity?

Samsung is finally getting serious about security. Most people don't realize that Apple has had it for a while. I blogged about it a few months ago. One of the cons of Apple's solution was the lack of a mobile device management (MDM) solution of its own. Samsung KNOX seems to have some part of that baked in while relying on "enterprise preferred MDM vendor solution" to complete the solution.

It is not clear to me if KNOX is as good as iOS. It is nice that the files are encrypted, but that is no use if the keys are easily accessed by an adversary. It is not clear how they are stored in the KNOX design. Apple's design is good: keys are generated randomly at the factory and stored securely in the chip. If KNOX doesn't get this right, there is no value in its MDM or other security features. Until Samsung documents that part openly, I would call it security by obscurity...or security by marcom (marketing communications) :-)