Samsung Knox Mobile Security Platform Flaw Discovered

A critical flaw in Samsung’s much-publicized Knox smartphone security platform could enable easy interception of data communications between the secure container and the external world, including file transfers, emails and browser activity, according to the findings of security researchers at Ben-Gurion University’s Cyber Security Labs in Israel.

The Knox architecture features a regular phone environment as well as a secure container that is supposed to add security protection to the phone. All data and communications that take place within the secure container are protected, and even if a malicious application should attack the non-secure part, all the protected data should be inaccessible under all circumstances.

However, a critical vulnerability, uncovered by Ph.D. student Mordechai Guri during an unrelated research task, allows a user to bypass all Knox security measures by installing an "innocent" app on the regular phone (in the non-secure container), whereby all communications from the phone can be captured and exposed.

"To us, Knox symbolizes state-of-the-art in terms of secure mobile architectures and I was surprised to find that such a big ’hole‘ exists and was left untouched,” Guri said in a statement. "The Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands. "We are also contacting Samsung in order to provide them with the full technical details of the breach so it can be fixed immediately."

Accessible through an icon on the home screen, the Knox container presents to users a variety of enterprise applications (including email, browser, contacts, calendars, file-sharing, collaboration, CRM and business intelligence apps) in a secure environment.

The platform enables existing Android ecosystem applications to automatically gain enterprise integration and validated security with zero change to the application source code.

"To solve this weakness, Samsung may need to recall their devices or at least publish an over the air software fix immediately," Dudu Mimran, chief technology officer of the BGU labs, said in a statement. "The weakness found may require Samsung to re-think a few aspects of their secure architecture in future models."

The majority of businesses (79 percent, to be exact) had a mobile security incident in the past year, and the costs are substantial, according to security specialist Check Point Software Technologies' second mobile security report, "The Impact of Mobile Devices on Information Security", which was released earlier this year.

The report found mobile security incidents cost 42 percent of businesses six figures, with 16 percent putting the cost at more than $500,000. Large businesses were especially hard hit, as more than half (52 percent) of large businesses reported mobile security incidents have amounted to more than $500,000 in the past year.

Small to midsize businesses (SMBs) were not immune to costly mobile security incidents, however. Forty-five percent of companies with fewer than 1,000 employees saw mobile security incidents exceeding $100,000 in the past year, the survey revealed.