A security vulnerability within the Knox software used by the Samsung Galaxy S4 and the Note 3 could allow a malicious app to "listen in" on data transferred within the secured environment, researchers warned.
On Jan. 9, Samsung dismissed the findings as a "man in the middle attack".
The vulnerability was reported Tuesday by The Wall Street Journal, based on a report by Israel's Ben-Gurion University of the Negev. Samsung officials told the Journal that the vulnerability was found in developer phones that weren't "fully loaded with the extra software that a corporate client would use in conjunction with Knox," the paper reported. So far, the Knox vulnerability has only been discovered on the Galaxy S4.
Like third-party apps such as NitroDesk's TouchDown HD, Knox was developed with an eye for the so-called "BYOD" movement, where personal smartphones and other devices are allowed onto corporate networks. The problem is that those same corporate network administrators want to ensure that sensitive corporate data—which can include email, contacts, and calendar information—doesn't wander outside the corporate firewall, intentionally or not.
To read this article in full or to leave a comment, please click here
ConversionConversion EmoticonEmoticon