Printed from http://www.electronista.com

Researchers: Galaxy S4 'Knox' implementation flawed, can leak data

updated 09:19 pm EST, Tue December 24, 2013

Malicious apps can infect other secure devices on the same network

Researchers at Israel's Ben-Gurion University have discovered a vulnerability in the touted Samsung Knox security suite found on the flagship Galaxy S4. The flaw reportedly could allow a maliciously-crafted piece of software to track and record communications, including text messages and emails -- and an infected phone could even infect other phones within a secured network, such as those being tested by the US Department of Defense.

Samsung Knox is Samsung's enterprise mobile security solution that addresses the needs of enterprise information technology without invading its employees' privacy. The service, first released on the Samsung Galaxy Note 3 mobile device, provides security features that enable business and personal content to coexist on the same mobile device. Samsung claims that the product "addresses all major security gaps in Android."

"The new unveiled vulnerability presents a serious threat to all users of phones based on this architecture," said Dudu Mimran, the Ben-Gurion University's chief technical officer. The university classifies the flaw as a "category one" vulnerability, the most severe in the range, allowing for remote attacks of a secure network.

"It is not surprising that Knox, much like all software, has some unintended weaknesses," said Patrick Traynor, computer science professor at the Georgia Institute of Technology. "However, this problem appears to be serious enough that it should be patched immediately."

Samsung is looking into the allegation saying that the company "takes all security vulnerability claims very seriously." However, the Korean manufacturer also claims that the problem isn't as serious as the researcher says, and notes that "the threat appears to be equivalent to some well-known attacks" without elaborating further on the other vectors of attack. "Rest assured, the core Knox architecture cannot be compromised or infiltrated by such malware," Samsung concluded.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. iphonerulez

    Fresh-Faced Recruit

    Joined: 11-28-08

    It's been said that no security measure is perfect and that someone will always find a way to beat it if given enough time and effort. The best that can ever be done is to make beating the security as difficult as possible within a given time period.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Samsung SmartCam HD Pro

Keeping an eye on the home while out and about these days is common practice, assisted by modern technology. Internet cameras became p ...

Fugoo Bluetooth speaker

It's rare to find a Bluetooth speaker that can cover a large array of needs. Generally, speakers are wrapped in a desktop-convenient d ...

Epson LW-600P

Label makers are traditionally simple machines that perform a single task which people feel they can either live with or without. In m ...

Sponsor

toggle

Most Commented

 
toggle

Popular News