Samsung’s wants people to think its devices can be as secure as Fort Knox, but a new report suggests they may be anything but.
Researchers in Israel have found a vulnerability in Samsung’s Knox, a technology used to create a secure area on Samsung devices. The hole could allow hackers to intercept email, browser activity and other activity originating from within the Knox environment.
“Knox symbolizes state-of-the-art in terms of secure mobile architectures, and I was surprised to find that such a big ‘hole’ exists and was left untouched,” said Mordechai Guri, a Ph.D. student in the Cyber Security Labs at Israel’s Ben-Gurion University of the Negev, who discovered the vulnerability. “This weakness has to be addressed immediately, before it falls into the wrong hands.”
Knox creates a secure, password-protected virtual space within Samsung devices that’s supposed to allow the devices to connect to similarly secured corporate and government computers and access sensitive files without fear that those files might leak out to the outside world.
But thanks to the security hole, a user could install an app in the regular, non-secure area of the phone that could compromise all the phone’s communications, including those made within the Knox container, according to Cyber Security Labs researchers. In addition to exposing sensitive data, the hole could potentially be used to upload malicious files from a compromised phone to corporate or government servers, according to the Wall Street Journal.
Researchers documented the hole on a Samsung Galaxy S4 smartphone. But Cyber Security Labs researchers indicated that it could affect other devices that use Knox. The technology comes pre-installed on the Galaxy Note 3 smartphone.
