Samsung Knox needs a security overhaul

Samsung may want to rethink the security technology it has developed to sell its smartphones and tablets to corporations and government agencies. A university researcher in Israel has discovered a major flaw in Samsung Knox that could allow someone to capture file transfers, emails and browser activity.

Knox troubles

Knox is part of the Samsung for Enterprise (SAFE) initiative, which has the mission of providing enterprise-class security on select mobile devices. Currently, SAFE technology is available on Samsung Galaxy phones and tablets.

Knox is a major security feature because it separates personal from corporate apps and data by stashing the latter in a special container. All communications with the corporate network go through the container, which prevents the data from being accessed by unauthorized apps.

Knox is supposed to be particularly useful to organizations that want to support employees who prefer to use their personal devices for work. However, the latest flaw, if exploited, would make the technology useless in preventing data from being siphoned from the phone.

The vulnerability enables an app on the non-secured side of the Android device to bypass all of Knox's security technology, according to Ph.D. student Mordechai Guri at Ben-Gurion University. The school did not provide technical details of the flaw, opting instead to hand them over to Samsung, so the vendor can release a fix.

Rethinking security

In the university's opinion, Samsung should either recall the affected devices or publish an over-the-air patch immediately. "The weakness found may require Samsung to rethink a few aspects of their security architecture in future models," Dudu Mimran, chief technology officer of BGU labs, said.

The hole surprised Guri, who said he discovered it while doing unrelated research on mobile security. "To us, Knox symbolizes state-of-the-art in terms of secure mobile architectures and I was surprised to find that such a big hole exists and was left untouched," he said.

The discovery couldn't come at a worse time for Samsung. The U.S. Defense Department is reviewing Knox and other Samsung mobile security features in deciding whether they are good enough to protect classified information.

Even before the latest discovery, the Pentagon and corporate customers were reportedly frustrated over Knox delays and bugs. The new vulnerability is unlikely to ease that frustration.
