Researchers at the Ben-Gurion University in Israel have discovered a loophole in Samsung KNOX that they claim has rendered some Galaxy S4 devices vulnerable to attacks.

KNOX is Samsung’s security feature, which creates a partition between business and personal data on a user’s phone.  This is Samsung’s take on Blackberry’s enterprise security offering.

The flaw was discovered by Ph.D. student Mordechai Guri, who was conducting some tests on a Galaxy S4. Guri stated that by loading a compromised app onto the non-secure part of KNOX, all of the data transferred by the handset, including that of the secured part, could be intercepted. Five hundred Galaxy S4 handsets were bought by the Defense Information Systems agency and are being tested, in collaboration with the NSA, to determine if the handsets are fit for use by the Pentagon, but the US Department of Defense stated that the handsets have not yet been deployed.

“To us, Knox symbolizes state-of-the-art in terms of secure mobile architectures and I was surprised to find that such a big ’hole‘ exists and was left untouched. The Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands,” Guri said.

Samsung was quick to deny the allegations, stating that BGU’s researchers used a device not equipped with typical security measures. The Galaxy S4 doesn’t come pre-installed with KNOX, unlike the Galaxy Note III. Instead, it needs to be downloaded onto the device. In addition, Samsung says that other security software is needed for KNOX to work properly, even after it’s been downloaded. According to Samsung, the BGU researchers did not install any other software, thus the flaw.

A spokesperson for Samsung later stated that with all the security measures in place “the core Knox architecture cannot be compromised or infiltrated by such malware.”

No one wants to admit that their product is flawed so it’s not a surprise that Samsung moved quickly to pacify the situation.  The question now is, should we just take Samsung’s word for it, or does KNOX need to undergo rigorous independent testing to ascertain that it really is secure?