Samsung denies data leakage flaw in Knox

Google and Samsung declare Knox safe and secure following reports it contains a data leakage issue.

Don't expect Samsung to patch a recently-reported data leakage flaw in its enterprise security platform Knox — it's not even a bug, Google and Samsung have said in a joint statement.

The two companies teamed up last week to deny a claim by security researchers at Israel's Ben Gurion University (BGU) that Samsung's Knox secure app container system has a serious data leakage vulnerability.

Knox, which first shipped with the Galaxy S4, is designed to keep work and personal apps and related data in separate compartments and is a key plank in Samsung's effort to push its devices into enterprises and government .

In late December, BGU PhD student Mordechai Guri reported what he thought was a flaw in Knox for the S4. Guri believed the flaw could allow an attacker to install an app in the non-secured compartment of the device to bypass apps protected by Knox and intercept outgoing communications data from the secured container.

According to Google and Samsung, Guri used legitimate Android network functions in an unintended way and while the pair admit his exploit could intercept unencrypted connections from apps on the device, they deny it’s due to a flaw in either Knox or Android.

"This research did not identify a flaw or bug in Samsung Knox or Android; it demonstrated a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data," Google and Samsung said via the latter's Knox blog

MitM attacks usually involve intercepting traffic by standing between a device and another connection. In the case of intercepting traffic to websites, an attacker might use a compromised SSL certificate to spoof a popular website.

They point out that attacks such as the one Guri outlined can be prevented if apps are built to support Secure Sockets Layer (SSL) encryption.

The company quotes Professor Patrick Traynor at Georgia Institute of Technology as saying the issue can be addressed through the proper configuration of mechanisms available in Knox.

The configuration settings Samsung said would prevent the attack from working include Knox’s mobile device management feature, which can lock down security-sensitive device settings; and "per-app VPN", which forces traffic from a designated app through a VPN tunnel.

More on Knox