UPDATED 13:42 EDT / DECEMBER 26 2013


Samsung claims KNOX loophole not serious

Researchers at the Ben-Gurion University in Israel have discovered a loophole in Samsung KNOX that they claim has rendered some Galaxy S4 devices vulnerable to attacks.

KNOX is Samsung’s security feature, which creates a partition between business and personal data on a user’s phone. It is Samsung’s take on BlackBerry’s enterprise security offering.

The flaw was discovered by Ph.D. student Mordechai Guri, who was conducting some tests on a Galaxy S4. Guri stated that by loading a compromised app onto the non-secure part of KNOX, all of the data transferred by the handset, including that of the secured part, could be intercepted. Five hundred Galaxy S4 handsets were bought by the Defense Information Systems Agency and are being tested, in collaboration with the NSA, to determine whether the handsets are fit for use by the Pentagon. The US Department of Defense stated that the handsets have not yet been deployed.

“To us, Knox symbolizes state-of-the-art in terms of secure mobile architectures and I was surprised to find that such a big ‘hole’ exists and was left untouched. The Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands,” Guri said.

Samsung was quick to deny the allegations, stating that BGU’s researchers used a device not equipped with typical security measures. The Galaxy S4 doesn’t come pre-installed with KNOX, unlike the Galaxy Note III. Instead, it needs to be downloaded onto the device. In addition, Samsung says that other security software is needed for KNOX to work properly, even after it’s been downloaded. According to Samsung, the BGU researchers did not install any other software, which is why the flaw appeared.

A spokesperson for Samsung later stated that with all the security measures in place “the core Knox architecture cannot be compromised or infiltrated by such malware.”

No one wants to admit that their product is flawed, so it’s no surprise that Samsung moved quickly to defuse the situation. The question now is whether we should just take Samsung’s word for it, or whether KNOX needs to undergo rigorous independent testing to ascertain that it really is secure.

