Ben Gurion University security researchers have discovered a critical vulnerability in Samsung’s highly secure software on its flagship device, the Galaxy S4.
The university’s Cyber Security Labs noted that the Samsung devices are based on the Knox architecture and that Samsung Knox is currently undergoing the U.S. Department of Defense approval review process.
Researchers believe that the breach in Samsung’s most advanced security-driven infrastructure for mobile phones enables easy interception of data communications between the secure container and the external world, including file transfers, emails and browser activity.
The vulnerability was uncovered by Ph.D. student Mordechai Guri during an unrelated research task. Guri is part of a wider research team at the Cyber Security Labs, which focuses on mobile and other cyber-related research topics.
“To us, Knox symbolizes state-of-the-art in terms of secure mobile architectures and I was surprised to find that such a big ‘hole’ exists and was left untouched,” he said.
Guri added, “The Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands. We are also contacting Samsung in order to provide them with the full technical details of the breach so it can be fixed immediately.”
The newly found breach can be used to bypass all Knox security measures. By simply installing an “innocent” app on the regular phone (in the non-secure container), all communications from the phone can be captured and exposed.