Samsung explains the "serious vulnerability" in KNOX is actually a common MitM network attack

page 1
Last December, researchers at Israel's Ben-Gurion University of the Negev warned of a vulnerability in Samsung's KNOX security system, featured in Galaxy S and Galaxy Note devices. The alleged loophole could let malware track emails and data communications, and in the worst scenario, have a hacker modify data and deploy malicious code within the supposedly secure device.

About three weeks later, Samsung's KNOX team has published an official statement in its blog, regarding the revelation. According to the post, Samsung has collaborated with the Israeli researchers in a further investigation, which hasn't discovered any flaws or bugs in KNOX that could cause this particular vulnerability.

Apparently, the security gap in question is not due to a weakness in KNOX. The alleged “exploit” is actually a common attack which makes illicit use of "legitimate Android network functions" to intercept unencrypted network connections from and to apps on a mobile device. This is also known as the "Man in the Middle (MitM)" approach, which makes it possible to “eavesdrop” on a network and hijack messages sent between its points.

Samsung points out that KNOX is equipped with additional protections against this type of network attack - Mobile Device Management, Per-APP VPN, and FIPS 140-2. According to professor Patrick Traynor at the Georgia Institute of Technology, who was involved in research for KNOX, users should be encouraged to take advantage of those mechanisms to avoid this and other common security issues.

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless