The initial report claimed the discovery of serious security vulnerabilities in the Samsung Galaxy S4 smartphone, and other models made by the Korean firm that run its KNOX security software, that could allow attackers to intercept data sent to and from Samsung devices.
Samsung now claims that the research details a classic Man in the Middle attack, and does not identify a flaw in its KNOX system.
After discussing the research with the original researchers, Samsung has verified that the exploit uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from/to applications on the mobile device. This research did not identify a flaw or bug in Samsung KNOX or Android; it demonstrated a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data. The research specifically showed this is also possible via a user-installed program, reaffirming the importance of encrypting application data before sending it to the Internet. Android development practices encourage that this be done by each application using SSL/TLS. Where that's not possible (for example, to support standards-based unencrypted protocols, such as HTTP), Android provides built-in VPN and support for third-party VPN solutions to protect data. Use of either of those standard security technologies would have prevented an attack based on a user-installed local application.
Samsung provides more information about the research and how KNOX works to protect against Man in the Middle attacks at its Samsung KNOX website.
Written by: James Delahunty @ 12 Jan 2014 13:17