Security researchers from the Ben-Gurion University (BGU) of the Negev in Israel say they’ve uncovered a critical vulnerability in Samsung Knox, Samsung’s enterprise mobile security solution that’s currently used by many organizations and even government agencies.
Knox features a secure container that enables users to protect sensitive data and communications from attacks targeting a Samsung device. The security hole found by experts can be leveraged to bypass the protection and intercept communications between the secure container and the regular phone environment.
The vulnerability is said to impact Samsung Galaxy S4 devices. The flaw has been reported to Samsung, but experts say the vendor might need to recall devices or push out an over-the-air software update to address the issue.
“The weakness found may require Samsung to re-think a few aspects of their secure architecture in future models,” noted Dudu Mimran, CTO at the BGU Cyber Security Labs.