Samsung KNOX 1.0 Weak eCryptFS Key Generation

Samsung KNOX 1.0 Weak eCryptFS Key Generation ≈ Packet Storm: The vulnerability allows disclosure of Data-at-Rest of Samsung KNOX 1.0 containers.

KNOX container data is encrypted using eCryptFS containers. The same form of encryption is applied to both container application data and sdcard content.

To provide eCryptFS the required a 32-byte AES key, KNOX produces a combination of the user’s password (minimum 7 chars) and 32 random bytes (denoted as the TIMA key).

The TIMA key is generated during the first container creation and stored aside for later use in creating the eCryptFS key.

The vulnerability itself is in the generation of the eCryptFS-key from the password and the TIMA key.