Samsung Knox security software reportedly suffering from hole that could allow interception of data

Alex Wagner
Editorial Director of News and Content from  Omaha, NE
| December 24, 2013

Samsung Galaxy S 4

Samsung's Knox security software has been in the news quite a bit lately as support for the service has been rolling out to various U.S. carrier-branded Galaxy devices as part of a Premium Suite update. Knox is making headlines once again today, but this time the news isn't quite as exciting.

According to cyber security researchers at the Ben-Gurion University of the Negev in Israel, Samsung Knox suffers from a security hole that could allow a ne'er do well to intercept the data being received by a Knox-enabled device and potentially even insert special code to attack the secure network that the device is accessing. The vulnerability, which can reportedly be be accessed by a simple app disguised as a children's game, was discovered last month and is said to have been tested on multiple retail Galaxy S 4 units.

Samsung has told The Wall Street Journal that it's currently investigating the alleged issue. After its initial examination, the company doesn't feel that the vulnerability is as bad as its discoverer's make it out to be, explaining that the breach conducted by the cybersecurity researchers was done using a device that didn't have the complete Knox software that an actual corporate client would use. However, Samsung went on to say that it "takes all security vulnerability claims very seriously" and that it would continue to look into the situation. "Rest assured, the core Knox architecture cannot be compromised or infiltrated by such malware," a Samsung spokesman said.

While any sort of mobile security vulnerability is a big deal, these latest claims are especially significant because they involve a device that's moved tens of millions of units to date as well as software that's intended to make that device more secure. The good news is that Samsung is already looking into the matter, and because it involves its flagship Galaxy hardware and Knox software, I'm sure that the company is working as quickly as possible to get to the bottom of these allegations. That's especially true when you note that Samsung is working to get its hardware integrated into U.S. Department of Defense, which is currently testing 500 Galaxy S 4 devices.

Via The Wall Street Journal