Major flaw discovered in mobile software used by gov't agencies

Share this article:
The vulnerability affects Samsung's Galaxy S4 which is currently used by government agencies.
The vulnerability affects Samsung's Galaxy S4 which is currently used by government agencies.

A serious vulnerability has been discovered in a Samsung device security solution that runs on Android and is used by government agencies, including the Pentagon.

Knox is a software that bolsters security and privacy on Android-based Samsung devices. It works by creating a secure container that prevents anything stored within it from interacting with anything stored outside of it, depending on user configurations.

Knox, however, contains a security flaw that could allow an attacker to intercept communications between the secure container and any file transfers, emails and browser activity outside of it.

Mordechai Guri, an Israeli security researcher from Ben-Gurion University (BGU) of the Negev's Cyber Security Labs, discovered the vulnerability. Guri is part of a research team at the university that focuses on mobile related research topics.

According to a post published on the school's website, the flaw currently only affects users with Samsung's Galaxy S4.

In May, the Department of Defense (DoD) cleared two smartphone and tablet manufacturers to be sold to the Pentagon and run on its internal networks. One of the devices included Knox on the Galaxy S4. Due to security fears, the DoD previously restricted staff from using Android devices on internal networks.

“The Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands,” Guri said in the post.

Researchers have contacted Samsung with details on the vulnerability so it may be addressed quickly.

“To solve this weakness, Samsung may need to recall their devices or at least publish an over the air software fix immediately,” Dudu Mimran, chief technology officer of BGU's Cyber Security Labs said in the post. “The weakness found may require Samsung to re-think a few aspects of their secure architecture in future models.”
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Home Depot: breach risks 56M payment cards, 'unique' malware used

Home Depot confirmed that approximately 56 million payment cards may have been compromised as result of a malware attack.

Gartner: 75 percent of mobile apps will fail security tests through end ...

As BYOD and mobile computing become more critical to business, app downloads will raise security risks.

eBay addresses XSS issue affecting auction page visitors

Due to the flaw, iPhone bidders were vulnerable to being redirected to a phishing page.