Mobile Alert: Bug in Smartphone

Monday, December 30, 2013 @ 05:12 PM gHale

There is a vulnerability in the Samsung’s Galaxy S4 smartphone where an attacker could seize data.

Israeli researchers found the hole and sent the information over to Samsung which said it is looking into the matter, but it does not feel the problem is serious.

Pulling RSA Keys by Listening
Air Gaps Not Even Secure
Resilience Metrics can Beat Threats
Management Seeing the Security Light

“Based on the information we currently have, the threat appears to be equivalent to some well-known attacks,” Samsung said. “KNOX already includes mechanisms, such as per-app VPN and support of SSL/TLS, to defend against such threats. Depending on the actual exploit mechanism, such layers of KNOX can defend against any security issues. Rest assured, the core KNOX architecture cannot be compromised or infiltrated by such malware.”

As smartphones continue to grow in usage and popularity, security remains a bone of contention where researchers say the devices are very vulnerable. This latest report comes out as Samsung continues to tout its Knox security platform.

Knox software offers high-level encryption, a VPN feature, and a way to separate personal data from work data. It also enables IT administrators to manage a mobile device through specific policies, and Samsung hopes it will appeal to security-sensitive clients as a replacement for BlackBerry devices. Knox-enabled devices gained approval by the Pentagon for government use.

The vulnerability ended up revealed earlier in December by researchers at Ben-Gurion University’s Cyber Security Labs. Specifically, they said while Knox is the most advanced security-driven infrastructure for mobile phones, the flaw enables malicious software to track emails and record data communications. Ph.D. student Mordechai Guri found the flaw during an unrelated research task.

“Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands,” he said. “We are also contacting Samsung in order to provide them with the full technical details of the breach so it can be fixed immediately.”

Leave a Reply

You must be logged in to post a comment.