Major Vulnerabilities found in Samsung KNOX Software

Security experts have disclosed 3 vulnerabilities in Samsung Knox, a piece of software deployed on phones to separate personal and professional data for security purposes, according to Wired.

The Israeli security firm Viral Security Group demonstrated the flaws on a Samsung Galaxy S6 and a Galaxy Note 5, where they allowed full control of each device. Considering that the purpose of the software is to maintain the security of a business-issued handset whilst allowing the flexibility of a personal device, the businesses that deploy this system may be assuming that these devices are safe despite moving between internal and external (protected and unprotected) network connections.

It's important to note that these vulnerabilities have since been patched in a security update. Before the patch, however, the researchers at Viral Security Group were able to replace legitimate applications with rogue versions that had access to all available permissions, without the user noticing. Many businesses rely on the Knox software to make sure any connection to a business network is made from the "safe zone" of the phone, and once outside of its protective environment the personal segment of the phone is used. If the separation between these two parts of the device's software is breached, the protections are essentially useless and the device once again becomes a BYOD-type threat.

The take-away from all this is that you can't assume your security measures are foolproof. Once protections are put in place, a significant responsibility still lies with understanding, controlling, and analysing network traffic.

The full white paper describing the flaws is well worth a read if you have time, but first make sure any devices on your network have fully up-to-date software.