Security researchers at the Ben-Gurion University of the Negev have stumbled upon a vulnerability in Samsung’s Knox security software found on Galaxy S4 smartphones, which they claim could allow for easy interception of data communications.
Mordechai Guri, the Ph.D. who discovered the vulnerability, said he was surprised to find such a huge security hole and that, because the software is used by many organizations and government agencies, it needs to be patched immediately.
“We are also contacting Samsung in order to provide them with the full technical details of the breach so it can be fixed immediately,” said Guri in a press release.
Samsung’s Knox architecture, which is based on TrustZone’s mobile virtualization platform, comprises a regular phone environment and a secure container that adds protection to the phone. The system is designed so that all data communications within the secure container remain protected even if the non-secure part of the phone is attacked.
However, the security researcher claims that the newly discovered vulnerability would allow an attacker to install an ‘innocent’-looking app on the regular part of the phone and capture all communications from the phone, even those occurring in the secure part of the phone.
Neither the student nor the university officials have given any technical details about the vulnerability, considering the critical nature of the software.
As Mark Twain said, Gird Up Your Loins and Doubt That, anytime an appliance builder puts a new skin on security. You might be the one who gets skinned.