Enterprise users of Samsung’s Knox security software have reason to be worried: cyber security researchers at Israel’s Ben-Gurion University of the Negev have found a “serious vulnerability” that could allow malicious software to read your secure emails and data communications.
As the golden days of BlackBerry began to fade, various smartphone manufacturers have been trying to jump into the fray to claim their own share of the lucrative enterprise market. Subsequently, Samsung created Knox to make the Android OS secure for enterprise environments.
According to the research, the vulnerability would allow hackers to record data communications and track emails. Further, in a worst-case scenario, a hacker could even inject hostile code and modify data that can propagate through the secure network.
Dudu Mimran, the lab’s chief technical officer, said in a statement, “The new unveiled vulnerability presents a serious threat to all users of phones based on this architecture, such as users” of the Samsung Galaxy S4.
Samsung has acknowledged the findings and a spokesman for the company said that Samsung “takes all security vulnerability claims very seriously” and has also promised that they will investigate the university lab’s claims.
Samsung has also conducted a preliminary investigation and said that “the threat appears to be equivalent to some well-known attacks.” The spokesman also added that the breach conducted by the university’s lab was apparently carried out on a device that did not carry the entire corporate software along with Knox, as it would in a real-world scenario. “Rest assured, the core Knox architecture cannot be compromised or infiltrated by such malware,” he added confidently.
Patrick Traynor, a computer-science professor at the Georgia Institute of Technology and a specialist in mobile security, said,
“It is not surprising that Knox, much like all software, has some unintended weaknesses. However, this problem appears to be serious enough that it should be patched immediately.”
This news would be a serious blow to Samsung, as the U.S. Department of Defense is considering using Samsung devices in the Pentagon and has even purchased 500 Samsung Galaxy S4 smartphones to test. A government spokesman made it absolutely clear that they wouldn’t use the devices if they were found to be insecure.