
Printed from http://www.macnn.com

Samsung: Knox not flawed, data interception Android's problem

updated 05:49 pm EST, Fri January 10, 2014

Google and Samsung collaborate on report refuting security risk

Responding to allegations of problems with its vaunted Knox security suite, Samsung has said that a problem identified at the end of 2013 is not specific to Galaxy devices. Samsung, in conjunction with Google, blames "legitimate Android functions" for the flaw, noting that use of "standard security technologies" would have prevented an attack.

Samsung Knox is Samsung's enterprise mobile security solution that addresses the needs of enterprise information technology without invading its employees' privacy. The service, first released on the Samsung Galaxy Note 3 mobile device, provides security features that enable business and personal content to coexist on the same mobile device. Samsung claims that the product "addresses all major security gaps in Android," yet appears to blame Android for this particular flaw.

Samsung says in its statement regarding the issue that "after discussing the research with the original researchers, Samsung has verified that the exploit uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from and to applications on the mobile device. This research did not identify a flaw or bug in Samsung Knox or Android; it demonstrated a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data."

It added that the research specifically "showed this is also possible via a user-installed program, reaffirming the importance of encrypting application data before sending it to the Internet. Android development practices encourage that this be done by each application using SSL/TLS. Where that's not possible (for example, to support standards-based unencrypted protocols, such as HTTP), Android provides built-in VPN and support for third-party VPN solutions to protect data. Use of either of those standard security technologies would have prevented an attack based on a user-installed local application."

Mobile security professor Patrick Traynor noted in Samsung's statement that "proper configuration of mechanisms available within Knox appears to be able to address the previously-published issue. Samsung should strongly encourage all of their users to take advantage of those mechanisms to avoid this and other common security issues."




by MacNN Staff
