Samsung’s Knox security system, designed to allow it to compete with BlackBerry for government and corporate business, contains a vulnerability that could be exploited by something as simple as a children’s game, say security researchers at Israel’s Ben-Gurion University of the Negev.
Knox is designed to provide a secure storage area in the phone for sensitive data, protected from apps installed outside it. The WSJ reports that an app installed outside the Knox container could be capable of recording all data communication taking place inside Knox – “even a relatively unsophisticated app, such as a mobile game aimed at children” …
The alleged security gap, which the researchers say they discovered earlier this month, comes as Samsung pitches the new security platform called Knox to potential clients at the U.S. Department of Defense and other government and corporate entities, in a bid to compete with BlackBerry, whose devices have been considered the gold standard among security-conscious clients for years.
While it’s normal for vulnerabilities to be discovered during testing of new security systems, this one has been described as a ‘category one’ weakness, the most serious level.
“For us, Knox is state-of-the-art in terms of a secure mobile architecture, and I was surprised to find out there was such a big ‘hole’ that was left untouched,” said Dudu Mimran, the lab’s chief technical officer, who added that he was willing to work with Samsung on the issue.
While Knox was said to have been approved for government use, the Pentagon said that it is currently only testing 500 Samsung S4 handsets equipped with Knox, and that none of them have been deployed.
Samsung confirmed that the vulnerability exists, but downplayed its importance and said that it will be patched.