Security researchers sometimes get it wrong

Google has joined Samsung in defending Knox, the latter company's Android security platform that university researchers claimed contained a major flaw that could allow a hacker to capture file transfers, emails and browser activity.

I reported on the discovery by Ben-Gurion University in Israel last month. Based on the research, I said Samsung may have to make big changes to the technology that the company hoped would make its smartphones and tablets more attractive to corporations and government agencies.

According to Google and Samsung, the problem isn't with Knox, but with the university's research.

"This research did not identify a flaw or bug in Samsung Knox or Android; it demonstrated a classic man-in-the-middle attack, which is possible at any point on the network to see unencrypted application data," Samsung said in a joint statement with Google on the Knox blog (https://www.samsungknox.com/en/blog/samsungs-official-response-recent-article-knox-vulnerability).

Instead of finding a major flaw, the research only showed the importance of encrypting application data before sending it over the Internet. That's common sense and hardly as sexy as saying Knox had a security hole large enough to pose a serious risk to companies using the platform.

It's not unusual for security researchers to go off half-cocked in seeking publicity for their work. In this case, Dudu Mimran, chief technology officer of BGU labs, suggested that Samsung should either recall the affected devices or publish an over-the-air patch immediately.

Evidently, Mimran was too quick in handing out such advice.

Samsung still has some work to do with Knox, which creates secure containers for corporate data, so it can't be moved to unauthorized apps. Delays and bugs have reportedly frustrated customers, including the U.S. Defense Department.

The Pentagon recently suspended use of Android and iOS devices at least until March, while it installs a new $16 million mobile device management system.

The Defense Department plans to eventually allow employees to have a choice of government-issued Apple, Samsung and Blackberry smartphones and tablets. Being a part of that rollout is the best way for Samsung to prove the strength of Knox.
