A security vulnerability within the Knox software used by the Samsung Galaxy S4 and the Note 3 could allow a malicious app to "listen in" on data transferred within the secured environment, researchers warned.
The vulnerability was reported Tuesday by The Wall Street Journal, based on a report by Israel's Ben-Gurion University of the Negev. Samsung officials told the Journal that the vulnerability was found in developer phones that weren't "fully loaded with the extra software that a corporate client would use in conjunction with Knox," the paper reported. So far, the Knox vulnerability has only been discovered on the Galaxy S4.
Like third-party apps such as NitroDesk's TouchDown HD, Knox was developed with an eye toward the so-called "BYOD" movement, in which personal smartphones and other devices are allowed onto corporate networks. The problem is that corporate network administrators want to ensure that sensitive corporate data—which can include email, contacts, and calendar information—doesn't wander outside the corporate firewall, intentionally or not.
Samsung's Knox creates an encrypted, virtualized space within the smartphone, so that apps such as email, phone, contacts, and others can be loaded securely. Data can be prevented, by policy, from being moved outside of Knox.