Researchers Discover Second Large Samsung Knox Security Vulnerability This Month


This month has not been kind to Samsung Knox and their attempt to take on BlackBerry in the secure enterprise and government space. Earlier this month they had a vulnerability in the Samsung Note 3 Knox implementation that posed a “threat to the integrity of Knox enabled devices.” Now some Israeli researchers have reported another vulnerability where any installed malicious app could record all data communication happening in the secure “Knox” container. The researcher told the Wall Street Journal that:

"For us, Knox is state-of-the-art in terms of a secure mobile architecture, and I was surprised to find out there was such a big ‘hole’ that was left untouched,"

Patrick Traynor, a computer science professor and specialist in mobile security at Georgia Institute of Technology, confirmed the validity of the vulnerability and said they have yet to determine whether it could be fixed easily or would require reworking the core of Samsung Knox.

Check out the full story over at the Wall Street Journal. BlackBerry still has the lead in the regulated and even the enterprise space and they better take advantage of it while the competition is still floundering.

12 total comments on this post
  1. Hope enterprises are listening to this. Everybody’s claim is: it will never happen to me…

  2. Free BlackBerry 10 and BES10 publicity. And to think of placing Android and security in the same sentence lol, right.

    I suppose this explains why Knox’s dismal downloads are under 200 whereas BES10 is beyond 30,000 and growing.

  3. As much as I hate Samsung, if they had half a brain, they should have perhaps worked closely with BlackBerry for a possible BB10 licence deal. Can you imagine Galaxy phones running BB10? That would put them in the Enterprise and give companies choice. That would also get them away from the reliance on Android. JMOP

  4. If you think Knox is not secure, US defence has approved it as secure, including the iPhone.

  5. They have only preliminarily approved it but keep in mind they will iron out the kinks. The big difference is that unlike the consumer space BlackBerry still has a lead in the regulated space. If BlackBerry acts fast they may be able to capitalize on that.

  6. Ronen,
    Knox devices are approved. There was a STIG released for them in May (along with BB10). Full deployment of Android and iOS devices is coming along with the Enterprise MDM being set up starting January 2014.

    Great site to see what is allowed and how to configure it on the DoD network is

    http://iase.disa.mil/stigs/net_perimeter/wireless/smartphone.html

    All publicly accessible.

  7. The contract has been awarded for the enterprise MDM and is set to start January 1, 2014. It will take some time for a build out, for testing, and for deployment, but BES10 is approved and devices are being deployed in the meantime (BB10 devices). The UDS portion of BES10 has NOT been approved and is not even FIPS validated at this time.

  8. Hmm I wonder if they will be able to pull off a UDS MDM play anytime soon for the enterprise space
