Major flaw discovered in mobile software used by gov't agencies

The vulnerability affects Samsung's Galaxy S4, which is currently used by government agencies.

A serious vulnerability has been discovered in a Samsung device security solution that runs on Android and is used by government agencies, including the Pentagon.

Knox is software that bolsters security and privacy on Android-based Samsung devices. It works by creating a secure container that prevents anything stored within it from interacting with anything stored outside of it, depending on user configurations.

Knox, however, contains a security flaw that could allow an attacker to intercept communications between the secure container and any file transfers, emails and browser activity outside of it.

Mordechai Guri, an Israeli security researcher from Ben-Gurion University (BGU) of the Negev's Cyber Security Labs, discovered the vulnerability. Guri is part of a research team at the university that focuses on mobile-related research topics.

According to a post published on the school's website, the flaw currently only affects users with Samsung's Galaxy S4.

In May, the Department of Defense (DoD) cleared devices from two smartphone and tablet manufacturers to be sold to the Pentagon and run on its internal networks. One of the cleared devices was the Galaxy S4 with Knox. Due to security fears, the DoD previously restricted staff from using Android devices on internal networks.

“The Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands,” Guri said in the post.

Researchers have contacted Samsung with details on the vulnerability so it may be addressed quickly.

“To solve this weakness, Samsung may need to recall their devices or at least publish an over the air software fix immediately,” Dudu Mimran, chief technology officer of BGU's Cyber Security Labs, said in the post. “The weakness found may require Samsung to re-think a few aspects of their secure architecture in future models.”