By Steve Ragan, CSO | July 10th, 2014
On Wednesday, a report from Forbes left some security experts scratching their heads, when a contributor for the publication reported that Samsung was throwing in the towel on the Knox platform.
Forbes contributor Bob Egan, who is the executive adviser and founder of the Sepharim Group, Samsung is walking away from Knox; a platform for Android designed to create secured environments to split personal and professional data on Samsung devices such as those in the Galaxy series.
“After 18 months of going it alone and spending untold sums of money on development and marketing, Samsung is throwing in the towel on Knox. Google is stepping up to take the lead on Android security,” Egan wrote.
“The move by Samsung is not surprising, considering Samsung’s 24% drop in operating profit and 10% drop in sales for the three months ended June 30th. And despite a lot of hype, Knox market take rate is a miserable at <2%.”
The Forbes article went to print just over a month after Samsung announced that the Department of Defense had added five of their products (each using the Knox platform) to the Defense Information Systems Agency’s approved device list.
The claim also led many to question the announcements involving Knox made during Google’s I/O conference, where Knox was touted as a major aspect to Android L, Google’s newest offering for enterprise customers.
As mentioned, Knox is Samsung’s answer to enterprise customer demands for stronger Android offering. Overall, it’s not a widely used platform, but now that the Department of Defense has approved it, analysts see this as a chance for growth – a set of opinions backed by Google’s focus on it during I/O.
However, Samsung disagreed with the Forbes article.
In a statement, the company said they have no plans to stop development on the platform, adding that Google’s usage of Knox technology for Android L, was their way of contributing something to benefit the Android community.
“Samsung is committed to the long term evolution of mobile security and the ongoing development of Samsung KNOX. While Samsung is contributing a part of KNOX technology for the benefit of the entire Android community and enterprise customers, Samsung KNOX remains the most secure Android platform from the hardware to the application level. Samsung will continue to work with our partners to enable KNOX for all of our valued customers. Our list of enterprise and government clients continues to grow rapidly, and is a testament to our commitment to providing highly-desirable, secure mobile devices across all industries.”
Earlier this year, the stability and security of Knox was questioned by researchers at Israel’s Ben-Gurion University of the Negev. The researchers said that Knox suffered from a serious flaw that could allow an attacker the ability to monitor emails or record calls.
However, after discussing the issue with Google, Samsung issued a statement that said the exploit the researchers used in their work took advantage of flaws in legitimate Android network functions. What it didn’t do, Samsung’s statement added, was exploit a flaw in the Knox platform.
In fact, what the researchers described was “a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data. The research specifically showed this is also possible via a user-installed program, reaffirming the importance of encrypting application data before sending it to the Internet.”