Hole found in Samsung's Knox security feature

Samsung wants people to think its devices can be as secure as Fort Knox, but a new report suggests they may be anything but.

Researchers in Israel have found a vulnerability in Samsung’s Knox, a technology used to create a secure area on Samsung devices. The hole could allow hackers to intercept email, browser activity and other activity originating from within the Knox environment.

“Knox symbolizes state-of-the-art in terms of secure mobile architectures, and I was surprised to find that such a big ‘hole’ exists and was left untouched,” said Mordechai Guri, a Ph.D. student in the Cyber Security Labs at Israel’s Ben-Gurion University of the Negev, who discovered the vulnerability. “This weakness has to be addressed immediately, before it falls into the wrong hands.”

Knox creates a secure, password-protected virtual space within Samsung devices that’s supposed to allow the devices to connect to similarly secured corporate and government computers and access sensitive files without fear that those files might leak out to the outside world.

But thanks to the security hole, a user could install an app in the regular, non-secure area of the phone that could compromise all the phone’s communications, including those made within the Knox container, according to Cyber Security Labs researchers. In addition to exposing sensitive data, the hole could potentially be used to upload malicious files from a compromised phone to corporate or government servers, according to the Wall Street Journal.

Researchers documented the hole on a Samsung Galaxy S4 smartphone. But Cyber Security Labs researchers indicated that it could affect other devices that use Knox. The technology comes pre-installed on the Galaxy Note 3 smartphone.


Troy Wolverton

Troy writes the Tech Files column as the Personal Technology Columnist at the San Jose Mercury News. He also covers the digital media, mobile and video game industries and writes occasionally about Apple, chips, social networking and other aspects of technology. Previously, Troy covered Apple and the consumer electronics industry. Prior to joining the Mercury News, Troy reported on technology, business and financial issues for TheStreet.com and CNET News.com.