Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > Researchers: Galaxy S4 'Knox' implementation flawed, can leak data

Researchers: Galaxy S4 'Knox' implementation flawed, can leak data
Thread Tools
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Dec 24, 2013, 09:19 PM
 
Researchers at Israel's Ben-Gurion University have discovered a vulnerability in the touted Samsung Knox security suite found on the flagship Galaxy S4. The flaw reportedly could allow a maliciously-crafted piece of software to track and record communications, including text messages and emails -- and an infected phone could even infect other phones within a secured network, such as those being tested by the US Department of Defense.

Samsung Knox is Samsung's enterprise mobile security solution that addresses the needs of enterprise information technology without invading its employees' privacy. The service, first released on the Samsung Galaxy Note 3 mobile device, provides security features that enable business and personal content to coexist on the same mobile device. Samsung claims that the product "addresses all major security gaps in Android."

"The new unveiled vulnerability presents a serious threat to all users of phones based on this architecture," said Dudu Mimran, the Ben-Gurion University's chief technical officer. The university classifies the flaw as a "category one" vulnerability, the most severe in the range, allowing for remote attacks of a secure network.

"It is not surprising that Knox, much like all software, has some unintended weaknesses," said Patrick Traynor, computer science professor at the Georgia Institute of Technology. "However, this problem appears to be serious enough that it should be patched immediately."

Samsung is looking into the allegation saying that the company "takes all security vulnerability claims very seriously." However, the Korean manufacturer also claims that the problem isn't as serious as the researcher says, and notes that "the threat appears to be equivalent to some well-known attacks" without elaborating further on the other vectors of attack. "Rest assured, the core Knox architecture cannot be compromised or infiltrated by such malware," Samsung concluded.
( Last edited by NewsPoster; Dec 25, 2013 at 01:02 AM. )
     
Fresh-Faced Recruit
Join Date: Nov 2008
Status: Offline
Reply With Quote
Dec 24, 2013, 09:54 PM
 
It's been said that no security measure is perfect and that someone will always find a way to beat it if given enough time and effort. The best that can ever be done is to make beating the security as difficult as possible within a given time period.
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 12:24 AM.
All contents of these forums © 1995-2014 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2014, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2