Samsung responds to reports of a huge security vulnerability in its phones

Zach Epstein
January 10th, 2014 at 9:05 AM

Late last month, cybersecurity researchers at Israel’s Ben-Gurion University of the Negev released a report claiming to have discovered a serious security vulnerability in the Galaxy S4 and other devices that run Samsung’s Knox security software. The researchers said that this security hole could allow a malicious hacker to intercept data sent to and from Samsung phones like the Galaxy S4, including emails and other potentially sensitive data. Samsung said immediately that it was investigating the supposed vulnerability, and now the smartphone maker has issued a public response to the Ben-Gurion University researchers’ claims.

“After discussing the research with the original researchers, Samsung has verified that the exploit uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from/to applications on the mobile device,” Samsung said in a statement posted on its Knox website. “This research did not identify a flaw or bug in Samsung KNOX or Android; it demonstrated a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data.”

The statement continued, “The research specifically showed this is also possible via a user-installed program, reaffirming the importance of encrypting application data before sending it to the Internet. Android development practices encourage that this be done by each application using SSL/TLS. Where that’s not possible (for example, to support standards-based unencrypted protocols, such as HTTP), Android provides built-in VPN and support for third-party VPN solutions to protect data. Use of either of those standard security technologies would have prevented an attack based on a user-installed local application.”

Samsung went on to offer three specific measures IT professionals can take in order to ensure that their firms’ data is protected from Man in the Middle attacks like the one described by the researchers at Ben-Gurion University. The company also offered a comment from a third-party security expert, who agreed with Samsung’s assessment.

“Proper configuration of mechanisms available within KNOX appears to be able to address the previously published issue,” said mobile security expert Patrick Traynor, a professor at the Georgia Institute of Technology. “Samsung should strongly encourage all of their users to take advantage of those mechanisms to avoid this and other common security issues.”
