Printed from http://www.electronista.com

Researchers: Galaxy S4 'Knox' implementation flawed, can leak data

updated 09:19 pm EST, Tue December 24, 2013

Malicious apps can infect other secure devices on the same network

Researchers at Israel's Ben-Gurion University have discovered a vulnerability in the touted Samsung Knox security suite found on the flagship Galaxy S4. The flaw reportedly could allow a maliciously-crafted piece of software to track and record communications, including text messages and emails -- and an infected phone could even infect other phones within a secured network, such as those being tested by the US Department of Defense.

Samsung Knox is Samsung's enterprise mobile security solution that addresses the needs of enterprise information technology without invading its employees' privacy. The service, first released on the Samsung Galaxy Note 3 mobile device, provides security features that enable business and personal content to coexist on the same mobile device. Samsung claims that the product "addresses all major security gaps in Android."

"The new unveiled vulnerability presents a serious threat to all users of phones based on this architecture," said Dudu Mimran, the Ben-Gurion University's chief technical officer. The university classifies the flaw as a "category one" vulnerability, the most severe in the range, allowing for remote attacks of a secure network.

"It is not surprising that Knox, much like all software, has some unintended weaknesses," said Patrick Traynor, computer science professor at the Georgia Institute of Technology. "However, this problem appears to be serious enough that it should be patched immediately."

Samsung is looking into the allegation saying that the company "takes all security vulnerability claims very seriously." However, the Korean manufacturer also claims that the problem isn't as serious as the researcher says, and notes that "the threat appears to be equivalent to some well-known attacks" without elaborating further on the other vectors of attack. "Rest assured, the core Knox architecture cannot be compromised or infiltrated by such malware," Samsung concluded.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. iphonerulez

    Dedicated MacNNer

    Joined: 11-28-08

    It's been said that no security measure is perfect and that someone will always find a way to beat it if given enough time and effort. The best that can ever be done is to make beating the security as difficult as possible within a given time period.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

ActvContent Sync Smartband

Smartbands of all sorts are hitting the market. Some build on the buzz around fitness trackers, while others offer simpler features fo ...

RocketStor 6324L Thunderbolt 2 eSATA bridge

Like it or not, the shift to Thunderbolt is underway. The connection is extremely flexible, allowing for video and data to co-habitate ...

Patriot Stellar Boost XT 64GB USB 3.0 drive

A vast selection of USB memory sticks means that consumers can often find exactly the size drive they need in a configuration that can ...

Sponsor

toggle

Most Commented

 
toggle

Popular News