With its flaws, Knox has directly left the Galaxy S4 and Note 3 open to attacks, according to researchers. Android may indeed have some issues when it comes to security but today’s report from Ben-Gurion University suggests that Knox may be even worse than Android’s default security.
The researchers found that by simply going through the S4 and introducing a special compromised app to the non-secure personal section of the phone, a hacker could see all of the data transferred from all areas (even Knox’s secure sections.)
Knox was specifically launched for US Department of Defense customers when Samsung was attempting to win the security system bid from BlackBerry.
The new unveiled vulnerability presents a serious threat to all users of phones based on this architecture, such as users of the Samsung Galaxy S4. – Dudu Mimran, Ben-Gurion University Cybersecurity lab chief
Samsung says that it will be working with the researchers and will try to figure out what is wrong with Knox, which has been touted as one of the most secure pieces of software for mobile phones.
Not only could a hacker use Knox’s flaw to monitor data being transferred to and from the Galaxy S4 but it could also allow someone to inject their own code into the data. This means that hacking other systems or at the very least, destroying the phone itself, would not be very difficult for someone that knows what they are doing.
Knox is pre-loaded and sold with the Galaxy Note 3 (Samsung’s most recent mainstream handset) but it can also be installed in order to provide extra security to an S4. Cooperations currently have to pay a licensing fee for the software but if an individual consumer is trying to do something that will protect their phone, they are able to download Knox for free.