Last Thursday, Samsung, along with Google, issued an official response to research produced by a group studying the KNOX platform at Israel's Ben-Gurion University of the Negev.
In December, university researchers said that KNOX, Samsung's mobile security platform that sits on top of a hardened Android installation, suffered from a serious flaw that could allow a malicious attacker to monitor emails or record calls. KNOX is available for devices such as Samsung's Galaxy S4, and has gained the attention of government agencies and enterprise operations looking for MDM solutions. It offers a secure separation between work and play on the device, allowing the organization to keep sensitive data protected, while allowing the employee to use their device at will.
In a statement on their research, Ph.D. student Mordechai Guri said that the weakness had to be addressed immediately by Samsung; otherwise, many organizations and government agencies could be placed at risk. Adding to that, Dudu Mimran, the Chief Technology Officer of the BGU labs, suggested that Samsung issue a recall or publish an over-the-air update to the KNOX platform.
However, Samsung says that discussions with Google and the university researchers have uncovered the root cause of the issue. As it turns out, the issue is within the Android operating system, not the KNOX platform.
"After discussing the research with the original researchers, Samsung has verified that the exploit uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from/to applications on the mobile device.
"This research did not identify a flaw or bug in Samsung KNOX or Android; it demonstrated a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data. The research specifically showed this is also possible via a user-installed program, reaffirming the importance of encrypting application data before sending it to the Internet..."
Samsung ended their statement by encouraging all researchers working on the KNOX platform to contact them directly with security concerns.