12-24-2013 10:18 AM
Samsung KNOX, the company’s bid for the enterprise market with a promise of total smartphone security, may not be as safe as the South Korean tech titan claims. A team of Israeli researchers are pointing to a single hack that could compromise the software, The Wall Street Journal reports.
The cyber-security team, working out of a university in southern Israel, claims the hack could give someone access to emails and data communications, compromising KNOX’s promise to run certain apps inside a secure field. Samsung’s security software is pre-installed on the Galaxy Note 3 and comes with the update to Android 4.3 for other devices including the Galaxy S4, Galaxy S III and Galaxy Note II.
12-26-2013 01:07 PM
I am curious about this software. I have a Galaxy S III with the just -released 4.3 update, but it does not contain KNOX. I also can't find this on the play store.
I have a little research to do!
01-11-2014 12:03 PM
Samsung has collaborated with Google to produce the following public response to the recent report from Ben-Gurion University researchers on a vulnerability in Samsung KNOX.
Recently, there have been reports that security researchers from Ben-Gurion University Cyber Security Labs found a vulnerability on a Samsung Galaxy S4 device with the KNOX security platform.
After discussing the research with the original researchers, Samsung has verified that the exploit uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from/to applications on the mobile device. This research did not identify a flaw or bug in Samsung KNOX or Android; it demonstrated a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data. The research specifically showed this is also possible via a user-installed program, reaffirming the importance of encrypting application data before sending it to the Internet.