Printed from http://www.electronista.com

Researchers: Galaxy S4 'Knox' implementation flawed, can leak data

updated 09:19 pm EST, Tue December 24, 2013

Malicious apps can infect other secure devices on the same network

Researchers at Israel's Ben-Gurion University have discovered a vulnerability in the touted Samsung Knox security suite found on the flagship Galaxy S4. The flaw reportedly could allow a maliciously-crafted piece of software to track and record communications, including text messages and emails -- and an infected phone could even infect other phones within a secured network, such as those being tested by the US Department of Defense.

Samsung Knox is Samsung's enterprise mobile security solution that addresses the needs of enterprise information technology without invading its employees' privacy. The service, first released on the Samsung Galaxy Note 3 mobile device, provides security features that enable business and personal content to coexist on the same mobile device. Samsung claims that the product "addresses all major security gaps in Android."

"The new unveiled vulnerability presents a serious threat to all users of phones based on this architecture," said Dudu Mimran, the Ben-Gurion University's chief technical officer. The university classifies the flaw as a "category one" vulnerability, the most severe in the range, allowing for remote attacks of a secure network.

"It is not surprising that Knox, much like all software, has some unintended weaknesses," said Patrick Traynor, computer science professor at the Georgia Institute of Technology. "However, this problem appears to be serious enough that it should be patched immediately."

Samsung is looking into the allegation saying that the company "takes all security vulnerability claims very seriously." However, the Korean manufacturer also claims that the problem isn't as serious as the researcher says, and notes that "the threat appears to be equivalent to some well-known attacks" without elaborating further on the other vectors of attack. "Rest assured, the core Knox architecture cannot be compromised or infiltrated by such malware," Samsung concluded.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. iphonerulez

    Dedicated MacNNer

    Joined: 11-28-08

    It's been said that no security measure is perfect and that someone will always find a way to beat it if given enough time and effort. The best that can ever be done is to make beating the security as difficult as possible within a given time period.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

IDrive cloud backup and sync service

There are a lot of cloud services out there, and nearly all of them can be used for backing up key files and folders. A few dedicated ...

Asus Chromebook C300

When Chromebooks hit the market back in 2011, consumers didn't know what to do with them. The low-cost laptops, powered by Google's Ch ...

Plantronics BackBeat Pro Bluetooth headphones

Looking for a pair of headphones that can do everything a user requires is a task that can take some study. Trying to decide on in-ear ...

Sponsor

toggle

Most Commented

 
toggle

Popular News