Researchers at Ben Gurion University say that emails and data
in the Galaxy 4′s Knox architecture can be easily intercepted.
Researchers at Ben Gurion University of the Negev’s Cyber Security Labs have found a security breach in Samsung’s smartphones based on the Knox architecture. These smartphones include the Galaxy S4, and the breach, researchers believe, enables easy interception of data communications between the secure container and the external world including file transfers, emails and browser activity.
Samsung’s Knox architecture was approved by the US Defense Department last March.
The vulnerability was uncovered by Ph.D. student Mordechai Guri during an unrelated research task. Guri is part of a wider research team at the cyber security labs which focuses on mobile and other cyber related research topics. He said, “To us, Knox symbolizes state-of-the-art in terms of secure mobile architectures and I was surprised to find that such a big ’hole‘ exists and was left untouched. The Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands. We are also contacting Samsung in order to provide them with the full technical details of the breach so it can be fixed immediately.”
The Knox architecture features a regular phone environment as well as a secure container that is supposed to add security protection to the phone. All data and communications that take place within the secure container are protected and even if a malicious application should attack the non-secure part all the protected data should be inaccessible under all circumstances. However, the newly found breach can be used to bypass all Knox security measures. By simply installing an “innocent” app on the regular phone (in the non-secure container) all communications from the phone can be captured and exposed.
The Samsung Knox is based on TrustZone’s mobile virtualization platform which serves as the underlying infrastructure for the available protective measures. “To solve this weakness, Samsung may need to recall their devices or at least publish an over the air software fix immediately. The weakness found may require Samsung to re-think a few aspects of their secure architecture in future models,” said Dudu Mimran CTO of the Ben Gurion labs.