Printed from http://www.electronista.com

Samsung: Knox not flawed, data interception Android's problem

updated 05:49 pm EST, Fri January 10, 2014

Google and Samsung collaborate on report refuting security risk

Responding to allegations of problems with its vaunted Knox security suite, Samsung has said that a problem identified at the end of 2013 is not specific to Galaxy devices. Samsung, in conjunction with Google blame "legitimate Android functions" for the flaw, noting that customers who use "standard security technologies" would have prevented an attack.

Samsung Knox is Samsung's enterprise mobile security solution that addresses the needs of enterprise information technology without invading its employees' privacy. The service, first released on the Samsung Galaxy Note 3 mobile device, provides security features that enable business and personal content to coexist on the same mobile device. Samsung claims that the product "addresses all major security gaps in Android," yet appears to blame Android for this particular flaw.

Samsung says in its statement regarding the issue that "after discussing the research with the original researchers, Samsung has verified that the exploit uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from and to applications on the mobile device. This research did not identify a flaw or bug in Samsung Knox or Android; it demonstrated a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data."

It added that the research specifically "showed this is also possible via a user-installed program, reaffirming the importance of encrypting application data before sending it to the Internet. Android development practices encourage that this be done by each application using SSL/TLS. Where that's not possible (for example, to support standards-based unencrypted protocols, such as HTTP), Android provides built-in VPN and support for third-party VPN solutions to protect data. Use of either of those standard security technologies would have prevented an attack based on a user-installed local application."

Mobile security professor Patrick Traynor noted in Samsung's statement that "proper configuration of mechanisms available within Knox appears to be able to address the previously-published issue. Samsung should strongly encourage all of their users to take advantage of those mechanisms to avoid this and other common security issues."



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Sound Blaster Roar Bluetooth speaker

There could very well be a new king of the hill for Bluetooth speakers, with Sound Blaster's recent entry into the marketplace. Bringi ...

Kenu Airframe Plus

Simple, stylish and effective, the Kenu Airframe + portable car mount is the latest addition to Kenu's lineup. Released earlier this y ...

Plantronics Rig Surround 7.1 headset

Trying to capture the true soundscape of video games can be a daunting task. Looking to surround-sound home theater options, users hav ...

Sponsor

toggle

Most Commented

 
toggle

Popular News