This means that the protection that it is meant to provide phones isn’t as solid as previously expected.
The Knox mobile security architecture from Samsung provides a standard smartphone environment in addition to a secure container which is meant to boost the protection level of the device.
A vital flaw within that platform has now been identified which could be seriously problematic.
This mobile security platform issue can make it possible for data communications to be easily intercepted between the external world and the Knox secure container. This includes emails, file transfers, and browser activity, among others. The vulnerability was discovered by Ben-Gurion University researchers in the Cyber Security Labs that are located in Israel.
This means that the mobile security platform issue affects all communications and data inside the secure container to the outside world.
When functioning properly, Knox should stop any kind of access to communications and data that are taking place within the secure container. This should be true even if a malicious application should make an attack on part of the protected data’s non-secure elements. This should make it completely inaccessible no matter the circumstances.
However, as it turns out, it is not functioning as well as was previously believed. The reason is that there is a critical vulnerability present in the Knox platform. It was discovered by Mordechai Guri, a Ph.D. student at the university. It was uncovered during a research task that was completely unrelated to finding it. It opens up the possibility of a user to be able to bypass all of the security measures from Knox by installing what appears to be an app that is completely innocent on a normal phone (within the non-secure container), which would allow any communications occurring on the device to be captured and exposed.
Guri released a statement about the discovery of this mobile security vulnerability, saying that “To us, Knox symbolizes state-of-the-art in terms of secure mobile architectures and I was surprised to find that such a big ’hole‘ exists and was left untouched.” He added that the platform has experienced widespread adoption by many government agencies and large organizations and that it is very important that this weakness be corrected right away.
