Thread Closed

Samsung KNOX 2.0 = NSA 3.0 ?

OP E:V:A

3rd June 2014, 02:05 PM   |  #1  
E:V:A's Avatar
OP Recognized Developer
Flag -∇ϕ
Thanks Meter: 1,812
 
1,352 posts
Join Date:Joined: Dec 2011
The Main Problem with KNOX

Is that end-users are left-out cold without any form of privacy control.
As cool as MDM is to the "enterprise" developer and from a hacker's
perspective, there's nothing attractive with this to the end-user. How
can the end-user be certain that his store-bought KNOX enabled device,
hasn't already been compromised by some "enterprise"?

Without fully transparent, open source and public KNOX documentation,
this will be practically impossible to answer. As far as we know from
recent past experiences, on how "curious" enterprises like Google,
Samsung and NSA have been, why should we trust them this time? Or what
about the mobile service providers themselves? We know from many recent
examples how companies like Verizon and AT&T have been spying on their
customers before.

What follows is a few enlightening excerpts from the latest KNOX
white-paper
. Before reading this and having recent major KNOX related
developer issues, I have gone from a "KNOX-who-cares" person, to a vivid
Anti-KNOX-er! I will most likely stay that way, at least until our
devices are sold without KNOX, and only available as a voluntary device
add-on/feature, using open source as it's basis.

What about you? Would you be happy to walk around the streets with a
laptop that has a remote access tool that constantly tracks your every
move, picture, sound and friends you meet and call, all while not
informing of any of that? While being way beyond you control? In fact,
you will not even have any choice, if Godzilla and Samsung gets their
way, in the next year.

Attestation

Attestation offers verification of a mobile device's core system
software i.e, the boot loaders and the kernel, at runtime based on the
measurement data collected during trusted boot. Attestation can be
requested at any time by the enterprise's Mobile Device Management (MDM)
system. All security critical operations of attestation are performed in
Trustzone.

When requested, the Attestation feature reads the previously stored
measurement information and the fuse value (see Trusted Boot above) and
combines these data to produce an Attestation "verdict". This verdict,
which essentially an indicate for whether tampering has occured, is
simply returned to the requesting MDM. The Attestation result is
returned to the requesting MDM server with a signature based on the
device's unique "Attestation Certificate" that is configured in the
device during the manufacturing process. This ensures that the
Attestation verdict cannot be altered during transfer.

Any further action is determined by the enterprise's MDM security
policy. It might choose to detach from the device, erase the contents of
the secure application container, ask for the location of the device, or
any of many other possible security recovery procedures.

The KNOX Container

...

The enterprise can manage the container like any other IT asset using an
MDM solution. Samsung KNOX supports many of the leading MDM solutions on
the market. Container management is affected by setting policies in the
same fashion as those traditional MDM policies. Samsung KNOX Container
includes a rich set of policies for authentication, data security, VPN,
email, application blacklisting, whitelisting, etc.

...

The new container also allows enterprise IT administrators to control
the flow of information between the container and the rest of the
device. This allows enterprises to strike the right balance between
security and user productivity. Users can also control the data sharing
capability based on their personal preferences, within the limits
specified by the enterprise IT administrator.


Mobile Device Management (MDM)

Enrolling an Android device into a companyís MDM system typically begins
with the user downloading the agent application from the Google Play
store and then configuring it for work. Enterprises are facing
increasing help desk calls as more and more users are activating mobile
devices for work and run into issues during this process. In addition
the user is presented with prompts, privacy policies and license
agreements at various stages resulting in a poor overall experience.

The KNOX platform provides a unified enrollment solution that is simple
and intuitive, and eliminates many steps in the enrollment process.

The process begins with the employee navigating to a web page and
clicking on an enrollment link. The link to the original web page may be
provided to the employee via an e-mail or SMS, or via the companyís
internal or external website. Clicking on the enrollment link brings up
a screen that prompts for the userís corporate email address. The device
then displays all notices for the user to accept, which include privacy
policies and agreements from Samsung, the MDM vendor and the enterprise.
Upon accepting the terms, the user is directed to a screen to enter the
password for the corporate account. If authentication is successful the
enrollment is complete. Any agent application required by the MDM server
is automatically downloaded and installed, without user intervention.

MDM vendors can take advantage of this feature and simplify the
onboarding process for enterprise users and significantly improve the
user experience and reduce support costs.

In a nutshell, this is legalized control and spying.
The Following 3 Users Say Thank You to E:V:A For This Useful Post: [ View ]
6th June 2014, 02:58 PM   |  #2  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor
Flag Sequim WA
Thanks Meter: 8,056
 
3,855 posts
Join Date:Joined: Feb 2010
Donate to Me
More
I believe the quoted features have to be enabled by the company paying for the subscription (ie employer providing the devices), which is pretty standard MDM. If you are going to agree to use a MDM (as such an employee would have to) I see no issue here unless I am missing something.

I would be much more worried about abuse of the baseband, than MDM software which isn't enabled by default. Much more likely, and better target.

Quote:
Originally Posted by E:V:A

The Main Problem with KNOX

Is that end-users are left-out cold without any form of privacy control.
As cool as MDM is to the "enterprise" developer and from a hacker's
perspective, there's nothing attractive with this to the end-user. How
can the end-user be certain that his store-bought KNOX enabled device,
hasn't already been compromised by some "enterprise"?

Without fully transparent, open source and public KNOX documentation,
this will be practically impossible to answer. As far as we know from
recent past experiences, on how "curious" enterprises like Google,
Samsung and NSA have been, why should we trust them this time? Or what
about the mobile service providers themselves? We know from many recent
examples how companies like Verizon and AT&T have been spying on their
customers before.

What follows is a few enlightening excerpts from the latest KNOX
white-paper
. Before reading this and having recent major KNOX related
developer issues, I have gone from a "KNOX-who-cares" person, to a vivid
Anti-KNOX-er! I will most likely stay that way, at least until our
devices are sold without KNOX, and only available as a voluntary device
add-on/feature, using open source as it's basis.

What about you? Would you be happy to walk around the streets with a
laptop that has a remote access tool that constantly tracks your every
move, picture, sound and friends you meet and call, all while not
informing of any of that? While being way beyond you control? In fact,
you will not even have any choice, if Godzilla and Samsung gets their
way, in the next year.

Attestation

Attestation offers verification of a mobile device's core system
software i.e, the boot loaders and the kernel, at runtime based on the
measurement data collected during trusted boot. Attestation can be
requested at any time by the enterprise's Mobile Device Management (MDM)
system. All security critical operations of attestation are performed in
Trustzone.

When requested, the Attestation feature reads the previously stored
measurement information and the fuse value (see Trusted Boot above) and
combines these data to produce an Attestation "verdict". This verdict,
which essentially an indicate for whether tampering has occured, is
simply returned to the requesting MDM. The Attestation result is
returned to the requesting MDM server with a signature based on the
device's unique "Attestation Certificate" that is configured in the
device during the manufacturing process. This ensures that the
Attestation verdict cannot be altered during transfer.

Any further action is determined by the enterprise's MDM security
policy. It might choose to detach from the device, erase the contents of
the secure application container, ask for the location of the device, or
any of many other possible security recovery procedures.

The KNOX Container

...

The enterprise can manage the container like any other IT asset using an
MDM solution. Samsung KNOX supports many of the leading MDM solutions on
the market. Container management is affected by setting policies in the
same fashion as those traditional MDM policies. Samsung KNOX Container
includes a rich set of policies for authentication, data security, VPN,
email, application blacklisting, whitelisting, etc.

...

The new container also allows enterprise IT administrators to control
the flow of information between the container and the rest of the
device. This allows enterprises to strike the right balance between
security and user productivity. Users can also control the data sharing
capability based on their personal preferences, within the limits
specified by the enterprise IT administrator.


Mobile Device Management (MDM)

Enrolling an Android device into a companyís MDM system typically begins
with the user downloading the agent application from the Google Play
store and then configuring it for work. Enterprises are facing
increasing help desk calls as more and more users are activating mobile
devices for work and run into issues during this process. In addition
the user is presented with prompts, privacy policies and license
agreements at various stages resulting in a poor overall experience.

The KNOX platform provides a unified enrollment solution that is simple
and intuitive, and eliminates many steps in the enrollment process.

The process begins with the employee navigating to a web page and
clicking on an enrollment link. The link to the original web page may be
provided to the employee via an e-mail or SMS, or via the companyís
internal or external website. Clicking on the enrollment link brings up
a screen that prompts for the userís corporate email address. The device
then displays all notices for the user to accept, which include privacy
policies and agreements from Samsung, the MDM vendor and the enterprise.
Upon accepting the terms, the user is directed to a screen to enter the
password for the corporate account. If authentication is successful the
enrollment is complete. Any agent application required by the MDM server
is automatically downloaded and installed, without user intervention.

MDM vendors can take advantage of this feature and simplify the
onboarding process for enterprise users and significantly improve the
user experience and reduce support costs.

In a nutshell, this is legalized control and spying.

7th June 2014, 01:16 PM   |  #3  
E:V:A's Avatar
OP Recognized Developer
Flag -∇ϕ
Thanks Meter: 1,812
 
1,352 posts
Join Date:Joined: Dec 2011
Quote:
Originally Posted by jcase

I believe the quoted features have to be enabled by the company paying for the subscription (ie employer providing the devices), which is pretty standard MDM. If you are going to agree to use a MDM (as such an employee would have to) I see no issue here unless I am missing something.

I would be much more worried about abuse of the baseband, than MDM software which isn't enabled by default. Much more likely, and better target.

I don't know to what extent you're playing devils advocate, but I am still a bit surprised, you can't see any issues with this.

The issue is, that we're not able to see how this enabling mechanism work, and therefore cannot even make any half-baked guess if this is actually secure, or can be easily broken, abused or circumvented, if not so, already. In addition the MDM software is enabled by default, at least as far as my processes and device drivers present, shows. It's just not visibly activated, until you go through the signup procedures. Furthermore it seem that the MDM features are very well weaved into the baseband functionality. Not that baseband is using MDMD, but that MDM makes extensive use of the baseband and features not documented. But to what extent that is true, I can 't really say at this time, as I have not spent any time on it.

One more thing. They say that KNOX is a security "addition" to the default SELinux policies, but that is not the whole story. Actually it seem more that KNOX is replacing or overriding the SEL policies already present. How can we actually test and see this, when we're not even allowed (or given) the tools to do so?
Last edited by E:V:A; 7th June 2014 at 01:22 PM.
7th June 2014, 03:58 PM   |  #4  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor
Flag Sequim WA
Thanks Meter: 8,056
 
3,855 posts
Join Date:Joined: Feb 2010
Donate to Me
More
Quote:
Originally Posted by E:V:A

I don't know to what extent you're playing devils advocate, but I am still a bit surprised, you can't see any issues with this.

The issue is, that we're not able to see how this enabling mechanism work, and therefore cannot even make any half-baked guess if this is actually secure, or can be easily broken, abused or circumvented, if not so, already. In addition the MDM software is enabled by default, at least as far as my processes and device drivers present, shows. It's just not visibly activated, until you go through the signup procedures. Furthermore it seem that the MDM features are very well weaved into the baseband functionality. Not that baseband is using MDMD, but that MDM makes extensive use of the baseband and features not documented. But to what extent that is true, I can 't really say at this time, as I have not spent any time on it.

One more thing. They say that KNOX is a security "addition" to the default SELinux policies, but that is not the whole story. Actually it seem more that KNOX is replacing or overriding the SEL policies already present. How can we actually test and see this, when we're not even allowed (or given) the tools to do so?

I'm not playing devils advocate, I'm saying that I don't think this is the route the NSA would take.
7th June 2014, 04:03 PM   |  #5  
Senior Member
Thanks Meter: 18
 
194 posts
Join Date:Joined: Mar 2013
More
Question puzzled
I don't get it - I thought "knox" was just that thing that counts how many times you've flashed a custom rom (which can easily be removed and reset).


b
7th June 2014, 04:15 PM   |  #6  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor
Flag Sequim WA
Thanks Meter: 8,056
 
3,855 posts
Join Date:Joined: Feb 2010
Donate to Me
More
Quote:
Originally Posted by jcase

I'm not playing devils advocate, I'm saying that I don't think this is the route the NSA would take.

We are not able to see how any closed source security component works, and you investigate it the same way you investigate any closed source feature.
7th June 2014, 04:58 PM   |  #7  
E:V:A's Avatar
OP Recognized Developer
Flag -∇ϕ
Thanks Meter: 1,812
 
1,352 posts
Join Date:Joined: Dec 2011
Quote:
Originally Posted by jcase

I'm not playing devils advocate, I'm saying that I don't think this is the route the NSA would take.

I think it's pointless to speculate in which route they would take, as they would certainly take whatever route available to accomplish their mission. Together with Google own INSTALL ASSET methods, MDM makes that even more simple on Samsungs.

I'm sure we'll see more posts like this in the near future.
FYI - How the NSA can 'turn on' your phone
7th June 2014, 05:01 PM   |  #8  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor
Flag Sequim WA
Thanks Meter: 8,056
 
3,855 posts
Join Date:Joined: Feb 2010
Donate to Me
More
Quote:
Originally Posted by E:V:A

I think it's pointless to speculate in which route they would take, as they would certainly take whatever route available to accomplish their mission. Together with Google own INSTALL ASSET methods, MDM makes that even more simple on Samsungs.

I'm sure we'll see more posts like this in the near future.
FYI - How the NSA can 'turn on' your phone

I'll make sure to remove such paranoia posts in the future, one is enough. I think a baseband attack is more likely, as it is more likely to impact more phones, from more OEMs, running more firmwares etc. The baseband is much harder to investigate as well, less people looking at it, more potential for bugs living longer, easier not to get noticed.
7th June 2014, 05:20 PM   |  #9  
E:V:A's Avatar
OP Recognized Developer
Flag -∇ϕ
Thanks Meter: 1,812
 
1,352 posts
Join Date:Joined: Dec 2011
Quote:
Originally Posted by jcase

I'll make sure to remove such paranoia post in the future, one is enough. I think a baseband attack is more likely, as it is more likely to impact more phones, from more OEMs, running more firmwares etc. The baseband is much harder to investigate as well, less people looking at it, more potential for bugs living longer, easier not to get noticed.

Well, I'm not sure that post fulfill all the criteria of "paranoia", especially since it is mostly grounded in truth, apart from the CNN journalism. But my point is already there. When people have no insight or control over what's happening in their pockets, they start getting religiously paranoid. I guess from an anthropological point of view, paranoia has some kind of good survival function for the group. So it serves well as a counter balance to being completely ignorant.
7th June 2014, 05:26 PM   |  #10  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor
Flag Sequim WA
Thanks Meter: 8,056
 
3,855 posts
Join Date:Joined: Feb 2010
Donate to Me
More
Quote:
Originally Posted by E:V:A

Well, I'm not sure that post fulfill all the criteria of "paranoia", especially since it is mostly grounded in truth, apart from the CNN journalism. But my point is already there. When people have no insight or control over what's happening in their pockets, they start getting religiously paranoid. I guess from an anthropological point of view, paranoia has some kind of good survival function for the group. So it serves well as a counter balance to being completely ignorant.

It has been removed from the security forum, it is a copy paste of an article reportedly from cnn (no source link to back that), without any citations to the claims made. I will make a better effort to keep the forum accurate, and fud free in the future.

It has factual inaccuracies, and seems to be just a promo piece for a custom Android ROM that indeed has it's own issues.

Thread Closed Subscribe to Thread

Tags
knox, privacy, spying
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Top Threads in Security Discussion by ThreadRank