Samsung Knox is affected by a serious flaw, the discovery was made by an Israeli security researcher, Mordechai Guri, from the Ben-Gurion University of the Negev’s Cyber Security Labs.
Samsung Knox is the enterprise Android-based platform designed to provide security features that enable business and personal content to coexist on the same device. Samsung Knox implements a security container to separate content it stores from outside.
According to a post published on the university’s website, Mordechai Guri has discovered a bug in Samsung Galaxy S4 model which could be exploited by an attacker to intercept communication data between the secure container of Knox platform and the files outside of it.
The security bug appears to affect only Galaxy S4 devices, the principle on which is based the Samsung Knox is that every Apps outside the container should never be able to access data stored within the container, meanwhile Apps within the container can access certain information outside the container depending on user settings.
“All data and communications that take place within the secure container are protected and even if a malicious application should attack the non-secure part all the protected data should be inaccessible under all circumstances. However, the newly found breach can be used to bypass all Knox security measures. By simply installing an “innocent” app on the regular phone (in the non-secure container) all communications from the phone can be captured and exposed. “
Samsung Knox is widely adopted by many private companies, organizations and government agencies and a similar vulnerability could cause a serious data breach.
Let’s remember that Samsung Knox-enabled Android devices received the approval for military networks back in May, a further good motivation to fix asap the bug.
“We are also contacting Samsung in order to provide them with the full technical details of the breach so it can be fixed immediately.” said Mordechai Guri.
“To solve this weakness, Samsung may need to recall their devices or at least publish an over the air software fix immediately. The weakness found may require Samsung to re-think a few aspects of their secure architecture in future models” commented Dudu Mimran, the Chief Technology Officer of BGU’s Cyber Security Labs.
Despite Samsung reported to The Wall Street Journal internal investigation revealed that the security flaw is not considerable so dangerous, I believe that anyway the necessary approach in cases like this is to prevent incidents fixing as soon as possible the vulnerability.
(Security Affairs – Samsung Knox, Android)