Samsung's supposedly secure encryption service KNOX has been exposed to possess a key vulnerability. KNOX was released as a high-end security platform, but researchers from the Ben-Gurion University of Negev in Israel have discovered a flaw that could be exploited by unscrupulous individuals.
The researchers conducted the test on a Galaxy S4, and according to their findings, the flawed security system could be bypassed using the vulnerability they discovered. According to the researchers, the vulnerability could be exploited to install malicious software on the device. What's worse is that a skilled hacker could actually use the vulnerability to alter and modify existing data on the device. While the Galaxy S4 doesn't come preinstalled with Samsung's KNOX security system, the test still adequately demonstrates the shortcomings of the system.
Samsung released the KNOX system as a high-end security option for end-to-end security in offices, private firms as well as government agencies. The system was meant to address the security issues in situations where members and employees of particular organizations brought their own devices for use with official company or organization tasks. Given the sensitivity of data in some agencies and organizations, impregnable security is a must.
Back in the days, Blackberry devices filled this type of need quite nicely and BlackBerry was the gold standard among security-conscious clients. However, this is not practical in situations where employees brought their own mobile devices. Moreover, as fewer and fewer individuals opted for Blackberry handsets these days, Samsung sought to fill in the gap with its own KNOX security platform.
Despite the announcement from Ben-Gurion University researchers, Samsung has downplayed the risk and said it has everything under control. Samsung said the device, as well as the software used in the test, lacked key pieces of software that would be installed by its enterprise customers. This indicates the Samsung KNOX may not be a stand-alone solution and other security measures may need to be implemented to increase the security of Samsung's platform.