Last year Samsung announced a solution that allows consumers to secure their mobile devices, making them suitable for use in corporate environments. Samsung Knox segregates corporate data from personal applications and personal use. Although many businesses now use it, cyber security researchers from Ben-Gurion University in Israel say that they have discovered a flaw.
The security vulnerability could potentially allow a hacker to intercept data from a Samsung device. Samsung investigated the report and has now released its response.
According to the company, “After discussing the research with the original researchers, Samsung has verified that the exploit uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from/to applications on the mobile device. This research did not identify a flaw or bug in Samsung KNOX or Android; it demonstrated a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data.”
Samsung further added that Knox offers protection against MitM attacks with these configurations:
- Mobile Device Management — MDM is a feature that ensures that a device containing sensitive information is set up correctly according to an enterprise-specified policy and is available in the standard Android platform. KNOX enhances the platform by adding many additional policy settings, including the ability to lock down security-sensitive device settings. With an MDM configured device, when the attack tries to change these settings, the MDM agent running on the device would have blocked them. In that case, the exploit would not have worked.
- Per-App VPN — The per-app VPN feature of KNOX allows traffic only from a designated and secured application to be sent through the VPN tunnel. This feature can be selectively applied to applications in containers, allowing fine-grained control over the tradeoff between communication overhead and security.
- FIPS 140-2 — KNOX implements a FIPS 140-2 Level 1 certified VPN client, a NIST standard for data-in-transit protection along with NSA suite B cryptography. The FIPS 140-2 standard applies to all federal agencies that use cryptographically strong security systems to protect sensitive information in computer and telecommunication systems. Many enterprises today deploy this cryptographically strong VPN support to protect against data-in-transit attacks.
Samsung collaborated with Google in coming up with this response.
In short, Samsung's position is that the vulnerability is linked to Google’s Android operating system and that proper configuration of Knox can help protect a system from MitM attacks.