Researcher Says Samsung Knox Container is Vulnerable

An Israeli security researcher from the Ben-Gurion University of the Negev’s Cyber Security Labs claims to have uncovered a serious security flaw in Samsung Knox.

An Israeli security researcher from the Ben-Gurion University of the Negev’s Cyber Security Labs claims to have uncovered a serious security flaw in Samsung Knox.

Knox is a security- and privacy-centric platform built into certain Samsung devices running Android. The Knox architecture, tailored for enterprise and government users, is designed in part to compartmentalize device data between personal and professional use.

Mordechai Guri, a Ph.D. student at BGU, discovered the flaw in Samsung’s flagship Galaxy S4 device. According to a report on the university’s website, the bug could give an attacker the ability to intercept communication data between Knox’s secure container and the files outside of it.  For now, the flaw appears to only affect Galaxy S4 devices.

By design, Knox’s container feature should keep all data inside the container separate from any data outside of it. Apps within the container can access certain information outside the container – depending on user configuration and settings. Apps outside the container, on the other hand, should never be able to access information stored by apps and folders within the container.

Ideally, if a phone becomes infected with malware or compromised in some other way, all the data within the container should be protected. The flaw, Guri claims, can be used to bypass Knox’s security mechanisms.

“To us, Knox symbolizes state-of-the-art in terms of secure mobile architectures and I was surprised to find that such a big ‘hole’ exists and was left untouched,” Guri wrote. “The Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands. We are also contacting Samsung in order to provide them with the full technical details of the breach so it can be fixed immediately.”

A Samsung spokesperson downplayed the flaw, telling the Wall Street Journal that an ongoing internal investigation revealed that the vulnerability is not as serious as the researchers claim.

“To solve this weakness, Samsung may need to recall their devices or at least publish an over the air software fix immediately. The weakness found may require Samsung to re-think a few aspects of their secure architecture in future models” said Dudu Mimran, the Chief Technology Officer of BGU’s Cyber Security Labs.

The Pentagon green-lit Samsung Knox-enabled Android devices for use on military networks back in May. The secure platform is still under review by the military, but, if it is approved, may soon be allowed for use within the Department of Defense. Full Pentagon approval would be a serious step forward for the Android operating system, which is an increasingly popular target among attackers as its share of the mobile operating system marketplace continues to grow.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.