Huge Security Threat Spotted in Samsung’s KNOX Security Software

  • 24 December 2013

Userlevel 7
Samsung KNOX, the company’s bid for the enterprise market with a promise of total smartphone security, may not be as safe as the South Korean tech titan claims. A team of Israeli researchers are pointing to a single hack that could compromise the software, The Wall Street Journal reports.

The cyber-security team, working out of a university in southern Israel, claims the hack could give someone access to emails and data communications, compromising KNOX’s promise to run certain apps inside a secure field. Samsung’s security software is pre-installed on the Galaxy Note 3 and comes with the update to Android 4.3 for other devices including the Galaxy S4, Galaxy S III and Galaxy Note II.

 
Full Topic

3 replies

Userlevel 7
I am curious about this software. I have a Galaxy S III with the just-released 4.3 update, but it does not contain KNOX. I also can't find this on the Play Store.
 
I have a little research to do!
Userlevel 7
Samsung has collaborated with Google to produce the following public response to the recent report from Ben-Gurion University researchers on a vulnerability in Samsung KNOX.

Recently, there have been reports that security researchers from Ben-Gurion University Cyber Security Labs found a vulnerability on a Samsung Galaxy S4 device with the KNOX security platform.

After discussing the research with the original researchers, Samsung has verified that the exploit uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from/to applications on the mobile device. This research did not identify a flaw or bug in Samsung KNOX or Android; it demonstrated a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data. The research specifically showed this is also possible via a user-installed program, reaffirming the importance of encrypting application data before sending it to the Internet. 
 
Full Response
Userlevel 7
The following article is an update:

(Knocking Knox: Samsung DENIES vuln claims, says mysterious blogger is a JOKER)

By John Leyden, 26 Oct 2014
 
A damning security critique against Samsung's US government-approved Knox system has been dismissed by the South Korean tech giant.
Earlier this week, Knox was given the green light for use on classified Stateside government networks and data.
 
Samsung had become the "first consumer mobile device manufacturer validated to handle the full range of classified information in the US", the company's security unit boasted.
Days later, an anonymous, newbie German blogger attempted to spoil Samsung's g-men party with a lengthy critique of the system.
 
Full Article
