Pixel Envy

Written by Nick Heer.

Samsung Knox Stores PINs in Plain Text

“Ares”:

Samsung phones, like the Samsung Galaxy S4, are shipped with a preinstalled version of Samsung Knox. Samsung advertises Knox with the following:

“KNOX Workspace container improves the user experience, providing security for enterprise data by creating a secure zone in the employee’s device for corporate applications, and encrypting enterprise data both at rest and in motion. KNOX Workspace container provides users with an isolated and secure environment within the mobile device, complete with its own home screen, launcher, applications and widgets for easier, more intuitive and safe operation. Applications and data inside the container are separated.”

Searching around the internet to find specific information about Samsung Knox was not satisfying, as Samsung Knox is not open source. This was the reason to investigate Samsung Knox a little bit and led to this analysis. Also today I read an article that the US government certified the use of Samsung Knox for their work and this was the reason to publish my analysis.

This sounds like something that’s definitely FBI approved.

Update: Link added. Whoops.