Samsung Knox on Galaxy S4 found to have a serious ‘security gap,’ researchers say
The Wall Street Journal reports, “The security platform for Samsung Electronics Co.’s best-selling Galaxy S4 smartphone suffers from a vulnerability that could allow malicious software to track emails and record data communications, according to cybersecurity researchers at Israel’s Ben-Gurion University of the Negev.
“The alleged security gap, which the researchers say they discovered earlier this month, comes as Samsung pitches the new security platform called Knox to potential clients at the U.S. Department of Defense and other government and corporate entities, in a bid to compete with BlackBerry Ltd., whose devices have been considered the gold standard among security-conscious clients for years.
“Samsung said it was looking into the allegations, but said that an initial investigation showed the problem wasn’t as serious as the Israeli researchers have maintained.
“The researcher who discovered the alleged problem at Ben-Gurion University’s Cyber Security Lab, Mordechai Guri, said the vulnerability would allow a hacker to “easily intercept” secure data of a user of a Knox-enabled Galaxy smartphone.
“In a worst-case scenario, he added, a hacker could modify data and even insert hostile code that could run amok within the secured network.”
The lab’s chief technical officer, Dudu Mimran, said in a statement, “The new unveiled vulnerability presents a serious threat to all users of phones based on this architecture, such as users” of the Samsung Galaxy S4.”
WSJ adds, “A spokesman for Samsung said the company “takes all security vulnerability claims very seriously” and promised to further investigate the university lab’s claims.
“However, a preliminary investigation by Samsung showed that “the threat appears to be equivalent to some well-known attacks,” the spokesman said.
“The spokesman added that the university lab’s breach of the system appeared to have been conducted on a device that wasn’t fully loaded with the extra software that a corporate client would use in conjunction with Knox.
The spokesman said, “Rest assured, the core Knox architecture cannot be compromised or infiltrated by such malware.”
If you feel that Knox has a security gap, you can simply turn it off.
Do you think Samsung should take a closer look at this Knox security gap? Let us know through a comment on our Phones Limited Facebook page.