Samsung explains the "serious vulnerability" in KNOX is actually a common MitM network attack

Samsung explains the
Last December, researchers at Israel's Ben-Gurion University of the Negev warned of a vulnerability in Samsung's KNOX security system, featured in Galaxy S and Galaxy Note devices. The alleged loophole could let malware track emails and data communications, and in the worst scenario, have a hacker modify data and deploy malicious code within the supposedly secure device.

About three weeks later, Samsung's KNOX team has published an official statement in its blog, regarding the revelation. According to the post, Samsung has collaborated with the Israeli researchers in a further investigation, which hasn't discovered any flaws or bugs in KNOX that could cause this particular vulnerability.

Apparently, the security gap in question is not due to a weakness in KNOX. The alleged “exploit” is actually a common attack which makes illicit use of "legitimate Android network functions" to intercept unencrypted network connections from and to apps on a mobile device. This is also known as the "Man in the Middle (MitM)" approach, which makes it possible to “eavesdrop” on a network and hijack messages sent between its points.

Samsung points out that KNOX is equipped with additional protections against this type of network attack - Mobile Device Management, Per-APP VPN, and FIPS 140-2. According to professor Patrick Traynor at the Georgia Institute of Technology, who was involved in research for KNOX, users should be encouraged to take advantage of those mechanisms to avoid this and other common security issues.



1. blinkdagger

Posts: 81; Member since: May 04, 2012

Dear sammy, Built another series lineup (galaxy enterprise??). Put your knox in there. Leave us alone! We don't want knox!

4. xfire99

Posts: 1207; Member since: Mar 14, 2012

KNOX is nice to use. Peoples dislike KNOX, cause it will VOID warranty if it got triggered when ROOTING the device. But not all Samsung center do refuse to repair if KNOX got triggered and its different from each Samsung Center to decide to repair or not. Samsung technicians do care more about custom flash counts then KNOX triggering. Custom flash "ROMs" can damage the phone and KNOX triggering wont do any damage to the phone.

2. kamen

Posts: 103; Member since: Jul 18, 2011

I remember one company - SnapChat - saying something similar to Samsung's statement ("Meh, that's nothing") and then having a massive leak of phones and names :) Then apologizing:

3. clarkjeferson

Posts: 67; Member since: Dec 22, 2013

I got snapchat.

5. Awalker

Posts: 1986; Member since: Aug 15, 2013

Samsung is saying this is a vulnerability inherent to Android and that they've taken steps to lower the risk of an attack with Knox. In other words with or without Knox the security gap would still be there.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.