Secure Containers in Android: the Samsung KNOX Case Study
This work addresses security risks for enterprises using BYOD by evaluating a widely deployed real-world product, though it is incremental as it focuses on a specific case study.
The researchers systematically assessed the security of Samsung KNOX, a secure container for Android used in BYOD scenarios, identifying design weaknesses and vulnerabilities through reverse engineering and attacker-inspired methods.
Bring Your Own Device (BYOD) is a growing trend among enterprises, aiming to improve workers' mobility and productivity via their smartphones. The threats and dangers posed by the smartphones to the enterprise are also ever-growing. Such dangers can be mitigated by running the enterprise software inside a "secure container" on the smartphone. In our work we present a systematic assessment of security critical areas in design and implementation of a secure container for Android using reverse engineering and attacker-inspired methods. We do this through a case-study of Samsung KNOX, a real-world product deployed on millions of devices. Our research shows how KNOX security features work behind the scenes and lets us compare the vendor's public security claims against reality. Along the way we identified several design weaknesses and a few vulnerabilities that were disclosed to Samsung.