Feeds

Knox vuln is Android not us, says Samsung

Data leaks should be manageable

Choosing a cloud hosting partner with confidence

Samsung and Google have taken an unusual step, jointly posting an advisory that a security problem revealed last month is not Samsung-specific, but is in fact an Android vulnerability.

Late in December, a researcher from Ben Gurion University of the Negev in Israel said there was a gap in the Knox security implementation in Samsung's Galaxy S4 devices. Based on TrustZone technology, the Knox environment provides a virtualised secure container that's meant to protect sensitive data from attack, even if the non-secure part of a phone is compromised.

The researcher, PhD student Mordechai Guri, found that an app could be installed in the insecure part of the phone that would be able to capture and expose communications that were meant to be secured.

At the time, Samsung disputed the university's characterisation of the security vulnerability as a “category one” problem (that is, high severity), claiming that because the tests were conducted on store-bought phones, the target devices lacked the full enterprise suite of security features.

However, in an announcement published on Thursday, January 9, Samsung says: “Samsung has verified that the exploit uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from/to applications on the mobile device.

“This research did not identify a flaw or bug in Samsung KNOX or Android; it demonstrated a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data,” the statement continues.

In that statement, Samsung claims that it collaborated with Google to confirm that the issue is an Android vulnerability. The company says enterprise users should guard against the issue using mobile device management, per-application VPNs, and the Knox FIPS 140-2 capabilities.

A Google spokesperson confirmed the company's involvement in confirming Samsung's belief that the problem is in Android, in an e-mail to The Register. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
State Dept shuts off unclassified email after hack. Classified mail? That's CLASSIFIED
Classified systems 'not affected' - but, is this reconnaissance?
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.