The Samsung Knox, the privacy and security centric platform, is vulnerable to attacks. This security platform is built for major and flagship Android-based Samsung Smartphone devices, including Samsung Galaxy S4. A security researcher from the Ben-Gurion University (BGU) of the Negev’s Cyber Security Labs has uncovered the vulnerability in the software.

Research findings

Samsung Knox security architecture is designed for enterprise and government users in order to separate and compartmentalize data specific to business use from the personal data. BYOD software, Knox container of data is supposed to protect all the data inside it and split from the personal information to ensure complete protection from security threats and unsecure access. Ideally apps outside Samsung Knox container could be able to get access to apps, folders and other data locked inside Knox BYOD container. That way, data, apps and folder compartmentalized inside Samsung Knox container will still be protected even if the device becomes exposed to any malware threats or hackers’ attack. However, the flaw in the Samsung Knox may not enable users to protect the data under Knox. The vulnerability found by Mordechai Guri, a Ph.D. student at BGU, claimed to be exploited to crack the security container of Samsung Knox. Guri has spotted the flaw inside the latest flagship Samsung Galaxy S4 device.

Galaxy S4 is vulnerable to attacks through this flaw

Guri stated that “To us, Knox symbolizes state-of-the-art in terms of secure mobile architectures and I was surprised to find that such a big ’hole‘ exists and was left untouched. The Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands. We are also contacting Samsung in order to provide them with the full technical details of the breach so it can be fixed immediately.”

In response to the detection of the security vulnerability in Knox, a Samsung spokesperson has claimed that the vulnerability is not as severe as stated by the researchers.

Dudu Mimran, the Chief Technology Officer of BGU’s Cyber Security Labs, warned that “The weakness found may require Samsung to re-think a few aspects of their secure architecture in future models”.