Samsung has issued an official response to claims that Knox was vulnerable, stating that the security suite is not vulnerable and that users need not worry as long as they properly configure the options Knox provides.
Security researchers at the Ben-Gurion University of the Negev claimed in December 2013 that they had found a vulnerability in Samsung's Knox security suite that allowed them to intercept data communications. The researchers said the issue was so serious that a seemingly innocuous app could intercept and capture all communications from the phone, including those originating from the secure Knox container.
Samsung has officially responded to the claims, stating that the alleged "exploit uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from/to applications on the mobile device."
Samsung said there is no flaw or bug in the Knox software that enables this kind of attack; rather, the researchers "demonstrated a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data." In other words, the interception works because the application data crosses the network in cleartext, not because the Knox container is breached.
The Korean electronics giant said that users can protect their data either by using a secure SSL/TLS channel or by using the built-in VPN that Android provides. "Use of either of those standard security technologies would have prevented an attack based on a user-installed local application," Samsung stated. The practitioner's caveat is that TLS only closes this hole when the client actually verifies the server certificate and hostname; a client that accepts any certificate can still be relayed through an interceptor in exactly the same way.
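To make the "classic MitM" concrete, here is an added example (not code from Samsung, the Ben-Gurion researchers, or the original article) that builds a small plaintext relay between an HTTP client and a stand-in server, all on 127.0.0.1. The server, the login body and the returned token are constructed for the demonstration. It shows that the relay needs no bug to exist and records both the client's password and the server's token verbatim, and it ends with the client-side TLS context that the mitigation quoted above amounts to: certificate verification on, hostname check on, modern protocol versions only.

```python
"""Constructed demonstration of the "classic MitM" Samsung describes: a forwarder
sitting between an HTTP client and its server records every byte of an
unencrypted exchange. Everything runs on 127.0.0.1; the server, the interceptor
and the request body are all made up for this example."""
import http.server
import socket
import ssl
import threading
import urllib.request

SECRET_TOKEN = b"session-token=SECRET-TOKEN-123"   # constructed server secret
LOGIN_BODY = b"user=alice&password=hunter2"        # constructed client secret


class _OriginHandler(http.server.BaseHTTPRequestHandler):
    """Stand-in application server: consumes the POST body, returns a token."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        self.rfile.read(length)
        self.send_response(200)
        self.send_header("Content-Length", str(len(SECRET_TOKEN)))
        self.end_headers()
        self.wfile.write(SECRET_TOKEN)

    def log_message(self, *_args):  # keep the demo quiet
        pass


def _start_origin():
    srv = http.server.HTTPServer(("127.0.0.1", 0), _OriginHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def _pump(src, dst, tag, captured):
    """Copy bytes src -> dst, appending each chunk to the capture log first."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            captured.append((tag, chunk))
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _start_interceptor(origin_port, captured):
    """The man in the middle: a plain TCP relay, no vulnerability required."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)

    def accept_loop():
        while True:
            try:
                client, _ = listener.accept()
            except OSError:      # listener closed at the end of the demo
                return
            upstream = socket.create_connection(("127.0.0.1", origin_port))
            threading.Thread(target=_pump, args=(client, upstream, "c->s", captured),
                             daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client, "s->c", captured),
                             daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener


def run_demo():
    """Send a cleartext login through the interceptor; report what it saw."""
    origin = _start_origin()
    captured = []
    interceptor = _start_interceptor(origin.server_address[1], captured)
    port = interceptor.getsockname()[1]

    # Ignore any system proxy so the request really goes through our relay.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    req = urllib.request.Request(f"http://127.0.0.1:{port}/login",
                                 data=LOGIN_BODY, method="POST")
    with opener.open(req, timeout=5) as resp:
        response = resp.read()

    origin.shutdown()
    origin.server_close()
    interceptor.close()

    wire = b"".join(chunk for _, chunk in captured)
    return {
        "response": response,
        "password_on_wire": b"password=hunter2" in wire,
        "token_on_wire": SECRET_TOKEN in wire,
    }


def hardened_client_context():
    """Client side of the mitigation Samsung points to: TLS with the server
    certificate actually verified. Against this, the relay above sees only a
    handshake and ciphertext, and cannot impersonate the server without a
    certificate the client trusts."""
    ctx = ssl.create_default_context()           # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    print(run_demo())
```

Run it directly and the captured wire contains both secrets in the clear. The relay is deliberately dumb: it never parses HTTP, which is the point of Samsung's argument that this is a property of unencrypted traffic rather than of Knox. The same relay placed in front of a client built with `hardened_client_context()` would have to terminate TLS itself, and the verifying client would reject its certificate.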
Samsung further highlighted the security features Knox offers to counter such classic MitM attacks, including Mobile Device Management, Per-App VPN and a FIPS 140-2-compliant VPN client.
Samsung also reached out to Professor Patrick Traynor of the Georgia Institute of Technology, who had initially expressed concerns over the researchers' findings. Traynor agreed that "Proper configuration of mechanisms available within KNOX appears to be able to address the previously published issue."