Researchers report security flaw in Samsung's Galaxy S4

An Israeli security team says a vulnerability in Samsung's Knox security platform enables malicious software to track e-mails and record data communications.

Here's some Grinchy news for those of you who put Samsung's Galaxy S4 on your holiday wish list: Israeli researchers have identified a vulnerability in the smartphone that allegedly allows a hacker to easily intercept secure data.

Samsung told CNET and other news outlets that it's looking into the issues and thus far doesn't believe the problem is as serious as the researchers present in their findings.

"Based on the information we currently have, the threat appears to be equivalent to some well-known attacks," Samsung said. "KNOX already includes mechanisms, such as per-app VPN and support of SSL/TLS, to defend against such threats. Depending on the actual exploit mechanism, such layers of KNOX can defend against any security issues. Rest assured, the core KNOX architecture cannot be compromised or infiltrated by such malware."

The report comes not only as many Galaxy S4 phones sit wrapped up under Christmas trees, but also as Samsung pitches its new Knox security platform, used in the device, to federal agencies like the Department of Defense.


The Knox software offers high-level encryption, a VPN feature, and a way to separate personal data from work data. It also enables IT administrators to manage a mobile device through specific policies, and Samsung hopes it will appeal to security-sensitive clients as a replacement for BlackBerry devices. Knox-enabled devices have already been approved by the Pentagon for government use.

The alleged vulnerability was discovered earlier this month by researchers at Ben-Gurion University's Cyber Security Labs. Specifically, they say that while Knox is the most advanced security-driven infrastructure for mobile phones, the alleged flaw enables malicious software to track e-mails and record data communications. The flaw was uncovered by Ph.D. student Mordechai Guri during an unrelated research task.

"Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands," he said. "We are also contacting Samsung in order to provide them with the full technical details of the breach so it can be fixed immediately."

Update, December 28 at 9:26 a.m. PT: Added comment from Samsung.

About the author

Michelle Meyers, associate editor, has been writing and editing CNET News stories since 2005. But she's still working to shed some of her old newspaper ways, first honed when copy was actually cut and pasted. When she's not fixing typos and tightening sentences, she's working with reporters on story ideas, tracking media happenings, or freshening up CNET News' home page.

 
