Printed from http://www.electronista.com

Samsung: Knox not flawed, data interception Android's problem

updated 05:49 pm EST, Fri January 10, 2014

Google and Samsung collaborate on report refuting security risk

Responding to allegations of problems with its vaunted Knox security suite, Samsung has said that a problem identified at the end of 2013 is not specific to Galaxy devices. Samsung, in conjunction with Google, blames "legitimate Android functions" for the flaw, noting that customers using "standard security technologies" would have prevented an attack.

Samsung Knox is Samsung's enterprise mobile security solution that addresses the needs of enterprise information technology without invading its employees' privacy. The service, first released on the Samsung Galaxy Note 3 mobile device, provides security features that enable business and personal content to coexist on the same mobile device. Samsung claims that the product "addresses all major security gaps in Android," yet appears to blame Android for this particular flaw.

Samsung says in its statement regarding the issue that "after discussing the research with the original researchers, Samsung has verified that the exploit uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from and to applications on the mobile device. This research did not identify a flaw or bug in Samsung Knox or Android; it demonstrated a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data."

It added that the research specifically "showed this is also possible via a user-installed program, reaffirming the importance of encrypting application data before sending it to the Internet. Android development practices encourage that this be done by each application using SSL/TLS. Where that's not possible (for example, to support standards-based unencrypted protocols, such as HTTP), Android provides built-in VPN and support for third-party VPN solutions to protect data. Use of either of those standard security technologies would have prevented an attack based on a user-installed local application."

Mobile security professor Patrick Traynor noted in Samsung's statement that "proper configuration of mechanisms available within Knox appears to be able to address the previously-published issue. Samsung should strongly encourage all of their users to take advantage of those mechanisms to avoid this and other common security issues."



By Electronista Staff