Samsung Knox security software is steadily gaining popularity among corporate businesses. And while the US Department of Defense was considering using the Knox-protected Galaxy S4 for its staff, cyber security researchers at Ben Gurion University of the Negev in Israel discovered a serious vulnerability.
According to the researchers, the issue not only exposes critical email and communication data, but also allows hackers to insert malicious code. Samsung immediately denied all possible vulnerabilities, but launched an investigation anyway.
The investigation is now over, and Samsung says it was able to verify the exploit and intercept critical data. As it turns out, though, this is not a flaw in the Knox software but a classic Man in the Middle attack, made possible by an omission on the user's part while configuring the Knox security feature.
Here's Samsung's official description of the problem, plus some tips on how to avoid it. Samsung will also be sending messages with these tips to Knox users.
"This research did not identify a flaw or bug in Samsung KNOX or Android; it demonstrated a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data. The research specifically showed this is also possible via a user-installed program, reaffirming the importance of encrypting application data before sending it to the Internet. Android development practices encourage that this be done by each application using SSL/TLS. Where that's not possible (for example, to support standards-based unencrypted protocols, such as HTTP), Android provides built-in VPN and support for third-party VPN solutions to protect data. Use of either of those standard security technologies would have prevented an attack based on a user-installed local application."
"KNOX offers additional protections against MitM attacks. Below is a more detailed description of the mechanisms that can be configured on Samsung KNOX devices to protect against them:"
So, as it turns out, there's no reason to lose sleep over your Knox-secured device - your data is still safe with it.
I totally agree - a lot of bulls--t. I uploaded files into knox and now I cannot access it.
According to the latest vulnerability that was found, it seems that the VPN solution is not relevant. See cyber.bgu.ac.il
I believe you are incorrect if you read the entire article.