Knox-Enabled Samsung Galaxy S4 May Have a Major Security Issue
The Knox-enabled Samsung Galaxy S4 smartphone reportedly suffers from a vulnerability that could allow malicious software to track emails and record data communications, reports the WSJ.
Knox is an Android-based solution specifically designed to enhance security of the current open source Android platform. The new security platform has been pitched to potential clients at the U.S. Department of Defense and other government and corporate entities to compete with BlackBerry.
A researcher from Ben-Gurion University's Cyber Security Lab, Mordechai Guri, has discovered a vulnerability would allow hackers to "easily intercept" secure data of a user of a Knox-enabled Galaxy smartphone. In the worst case scenario, a hacker could modify data and insert hostile code that could run within a secured network.
"The new unveiled vulnerability presents a serious threat to all users of phones based on this architecture, such as users" of the Samsung Galaxy S4, Dudu Mimran, the lab's chief technical officer, said in a statement.
A Samsung spokesman said the company "takes all security vulnerability claims very seriously" and will investigate the matter. A preliminary investigation by the company reportedly showed that "the threat appears to be equivalent to some well-known attacks".
Notably, the Defense Information Systems Agency and the National Security Agency have purchased 500 Galaxy S4 devices for testing as part of a pilot program. Those devices "have not been deployed and remain in testing." If the research is correct, the vulnerability would classify as a "category one" vulnerability, the most serious of its kind.