Printed from http://www.electronista.com

Samsung: Knox not flawed, data interception Android's problem

updated 05:49 pm EST, Fri January 10, 2014

Google and Samsung collaborate on report refuting security risk

Responding to allegations of problems with its vaunted Knox security suite, Samsung has said that a problem identified at the end of 2013 is not specific to Galaxy devices. Samsung, in conjunction with Google blame "legitimate Android functions" for the flaw, noting that customers who use "standard security technologies" would have prevented an attack.

Samsung Knox is Samsung's enterprise mobile security solution that addresses the needs of enterprise information technology without invading its employees' privacy. The service, first released on the Samsung Galaxy Note 3 mobile device, provides security features that enable business and personal content to coexist on the same mobile device. Samsung claims that the product "addresses all major security gaps in Android," yet appears to blame Android for this particular flaw.

Samsung says in its statement regarding the issue that "after discussing the research with the original researchers, Samsung has verified that the exploit uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from and to applications on the mobile device. This research did not identify a flaw or bug in Samsung Knox or Android; it demonstrated a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data."

It added that the research specifically "showed this is also possible via a user-installed program, reaffirming the importance of encrypting application data before sending it to the Internet. Android development practices encourage that this be done by each application using SSL/TLS. Where that's not possible (for example, to support standards-based unencrypted protocols, such as HTTP), Android provides built-in VPN and support for third-party VPN solutions to protect data. Use of either of those standard security technologies would have prevented an attack based on a user-installed local application."

Mobile security professor Patrick Traynor noted in Samsung's statement that "proper configuration of mechanisms available within Knox appears to be able to address the previously-published issue. Samsung should strongly encourage all of their users to take advantage of those mechanisms to avoid this and other common security issues."



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Epson PowerLite Home Cinema 2030 projector

With high-definition televisions now the standard, 4K televisions becoming the next big thing, and plasma TVs going the way of the din ...

Life n Soul 8 Driver Bluetooth headphones

When it comes to music on the go, consumers generally have some options to consider when looking for the best experience. While Blueto ...

Tesoro Tizona G2N Elite gaming keyboard

The market for gaming keyboards is getting crowded, starting off with some fairly simple keyboards and diverging into the land of modu ...

Sponsor

toggle

Most Commented

 
toggle

Popular News