Security flaws identified in Samsung Galaxy S4


Researchers at the Ben-Gurion University of the Negev in Israel say they’ve discovered a major security flaw in the enterprise software of Samsung’s best-selling Galaxy S4 smartphone that could enable hackers to intercept emails and record data communications. The Galaxy S4, introduced earlier in 2013, is one of Samsung’s latest Android-running smartphones.

According to the university, the alleged flaw was inadvertently spotted by Ph.D. student Mordechai Guri while doing other testing on the Galaxy S4. He discovered a vulnerability that allows an attacker to load a compromised application onto the personal part of the Android smartphone; all of the data transferred by the handset, including data believed to be secure, could then be intercepted by the attackers, including messages, browser use, and files transferred. Multiple handsets were tested and found to be similarly vulnerable.

“To us, Knox symbolizes state-of-the-art in terms of secure mobile architectures and I was surprised to find that such a big ‘hole’ exists and was left untouched,” Guri said Tuesday in a news release issued by the university.

“The Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands,” he said. “We are also contacting Samsung in order to provide them with the full technical details of the breach so it can be fixed immediately.”

Alternatively, the app, which could be cloaked as a game or other simple application, could even fraudulently inject its own code into the secure data transfer, researchers claim. A spokesperson for the company, however, claims that the issue is not as serious as researchers have made it out to be, calling the supposed flaw “equivalent to some well-known attacks.”

The Knox software provides high-level encryption, a VPN feature, and a way to segregate personal data from work data. It also empowers IT administrators to manage a mobile device through specific policies. The reported flaw could be a problem for KNOX, as it is presently undergoing the U.S. Department of Defense (DOD) approval review process.

Around 500 Galaxy S4 handsets have been purchased by the Defense Information Systems Agency and are undergoing testing, in cooperation with the NSA, to determine their potential safety for use on Pentagon systems. However, a US Department of Defense spokesperson said in response to the reported security flaw that none of the handsets had been deployed, and that the phone was still not recommended for Pentagon use.

KNOX is free to download, but corporate users pay a licensing fee. The security system also comes preloaded onto Galaxy Note 3 phones. In October, six months after it was introduced, Samsung announced that it had sold 40 million Galaxy S4 handsets.

Samsung is aware of the flaw and has already patched some holes in the KNOX system, and the company has already begun preliminary investigations to look into the claims made by the Israeli university.

Richard Meryn, Associate Editor Industry Leaders Magazine (www.industryleadersmagazine.com)
