Researchers Claim Samsung’s Galaxy S4 Has Security Flaw


The Galaxy S4 is Samsung’s flagship smartphone, and it seems that the company’s been making inroads to get the device adopted by the US government as an alternative to the Blackberry. But according to a report in the Wall Street Journal from yesterday, Israeli researchers have found a pretty glaring security hole in the device’s security software—Knox—which could open the door for hackers to take control of the phone and get access to the data Knox is supposed to protect.

The flaw was found by Mordechai Guri, a researcher who works at Ben-Gurion University’s Cyber security Lab, who found the security hole accidentally while working on a different mobile security project with the device. According to the report, Knox walls off a portion of the Galaxy S4 to keep data secure, while the rest of the phone remains a normal piece of personal technology.

But Guri found that this flaw could give hackers access to the secured portion if malicious apps—which could be disguised as other programs or even games—are downloaded to the non-secure, traditional portion of the phone. The report says that “even if the app were installed on a device outside the Knox container, that malware could be activated to record all data communication taking place inside the container.”

In short, that makes Knox’s supposed security completely insecure.

For its part, Samsung offered up a statement from a spokesperson, who explained that the problems discovered aren’t quite as dire as Guri makes them out to be. Moreover, the spokesperson essentially denies that Knox can actually be bypassed so easily:

“[Samsung] takes all security vulnerability claims very seriously […] The Threat appears to be equivalent to some well-known attacks. […] Rest assured, the core Knox architecture cannot be compromised or infiltrated by such malware.”

Whether you believe Samsung or not, it’s not great news for the device’s security reputation. But this isn’t the first example we’ve found of security issues regarding Android’s phones—just last month a vulnerability to SMS-attacks was found in the Google Nexus line of phones, while back in August Bluebox Security went into detail about the general vulnerabilities that can be found in the open Android platform as a whole.

In the end, it may be a while before a truly secure smartphone situation is developed. Until then, keep your important stuff locked in your desk or something.