Security researchers at BGU’s Cyber Security Labs have identified a critical vulnerability in highly secure Samsung mobile devices which are based on the Knox architecture. Samsung Knox, which is currently undergoing the US Department of Defense approval review process, features the most advanced security-driven infrastructure for mobile phones. The breach, researchers believe, enables easy interception of data communications between the secure container and the external world including file transfers, emails and browser activity.
The vulnerability was uncovered by Ph.D. student Mordechai Guri during an unrelated research task. Guri is part of a wider research team at the cyber security labs which focuses on mobile and other cyber related research topics. “To us, Knox symbolizes state-of-the-art in terms of secure mobile architectures and I was surprised to find that such a big ’hole‘ exists and was left untouched. The Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands,” he said. “We are also contacting Samsung in order to provide them with the full technical details of the breach so it can be fixed immediately.”
The vulnerability was first reported by The Wall Street Journal late Monday evening.
The Knox architecture features a regular phone environment as well as a secure container that is supposed to add security protection to the phone. All data and communications that take place within the secure container are protected and even if a malicious application should attack the non-secure part all the protected data should be inaccessible under all circumstances. However, the newly found breach can be used to bypass all Knox security measures. By simply installing an “innocent” app on the regular phone (in the non-secure container) all communications from the phone can be captured and exposed.
The Samsung Knox is based on TrustZone’s mobile virtualization platform which serves as the underlying infrastructure for the available protective measures. “To solve this weakness, Samsung may need to recall their devices or at least publish an over the air software fix immediately. The weakness found may require Samsung to re-think a few aspects of their secure architecture in future models” said Dudu Mimran the Chief Technology Officer of the BGU labs.
The Cyber Security Labs part of BGU’s Homeland Security Institute are located in the Advanced Technologies Park adjacent to the University in Beer-Sheva. They are headed by Prof. Yuval Elovici of the Department of Information Systems Engineering, who is also director of Telekom Innovation Laboratories at BGU. The labs are a pioneer in Israel’s cyber security powerhouse – actively researching the topic of mobile device security as well as network security for seven years both independently and as part of the existing tight collaboration with Telekom Innovation Laboratories.