Enterprise information systems are increasingly adopting mobile devices as part of their BYOD (Bring Your Own Device) strategies. This calls for robust mobile device management (MDM) platforms to secure business data shared to employee devices. Samsung’s Knox software has emerged as a serious contender among MDM platforms with features that include mandatory access control.
Researchers at Ben-Gurion University of the Negev (BGU) are however reporting the discovery of a flaw in Knox’s architecture. The BGU Cyber Labs report claims that Knox allows malware to intercept emails, data transfers, and browser activity on Samsung’s GS4 devices.
“To solve this weakness, Samsung may need to recall their devices or at least publish an over the air software fix immediately. The weakness found may require Samsung to re-think a few aspects of their secure architecture in future models” – Dudu Mimran, CTO BGU labs.
According to Samsung’s initial investigations, the problem may not be as serious as the report suggests. A Samsung spokesperson noted that BGU’s discovery may have been performed on a phone that was not fully loaded with a Knox corporate client.