Samsung responds to reports on security vulnerability of its devicesJanuary 10, 2014 - 19:17 AMT PanARMENIAN.Net - Late last month, cybersecurity researchers at Israel’s Ben-Gurion University of the Negev released a report claiming to have discovered a serious security vulnerability in the Galaxy S4 and other devices that run Samsung’s Knox security software. The researchers said that this security hole could allow a malicious hacker to intercept data sent to and from Samsung phones like the Galaxy S4, including emails and other potentially sensitive data, according to BGR.com. Samsung said that it was investigating the supposed vulnerability, and now the smartphone maker has issued a public response to the Ben-Gurion University researchers’ claims. “After discussing the research with the original researchers, Samsung has verified that the exploit uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from/to applications on the mobile device,” Samsung said in a statement posted on its Knox website Thursday, Jan 9. “This research did not identify a flaw or bug in Samsung KNOX or Android; it demonstrated a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data.” The statement continued, “The research specifically showed this is also possible via a user-installed program, reaffirming the importance of encrypting application data before sending it to the Internet. Android development practices encourage that this be done by each application using SSL/TLS. Where that’s not possible (for example, to support standards-based unencrypted protocols, such as HTTP), Android provides built-in VPN and support for third-party VPN solutions to protect data. Use of either of those standard security technologies would have prevented an attack based on a user-installed local application.” Samsung went on to offer three specific measures IT professionals can take in order to ensure that their firms’ data is protected from Man in the Middle attacks like the one described by the researchers at Ben-Gurion University. The company also offered a comment from a third-party security expert, who agreed with Samsung’s assessment. “Proper configuration of mechanisms available within KNOX appears to be able to address the previously published issue,” said mobile security expert Patrick Traynor, a professor at the Georgia Institute of Technology. “Samsung should strongly encourage all of their users to take advantage of those mechanisms to avoid this and other common security issues.” Related links: Top stories Yerevan will host the 2024 edition of the World Congress On Information Technology (WCIT). Rustam Badasyan said due to the lack of such regulation, the state budget is deprived of VAT revenues. Krisp’s smart noise suppression tech silences ambient sounds and isolates your voice for calls. Gurgen Khachatryan claimed that the "illegalities have been taking place in 2020." Partner news Most popular in the section | Armenian, Azerbaijani heads of parliament meet in Switzerland President of the Armenian parliament Alen Simonyan met with the Speaker of the Azerbaijani Milli Majlis Sahiba Gafarova. Border residents overnight on highway to protest Armenia’s Residents of Kirants continue to express outrage over the government’s decision to cede land to Azerbaijan. Get Started: An educational platform for young startuppers The Get Started program which operates in two phases is an important platform for young startuppers. Byblos Bank Armenia celebrates Students' Day with scholarship recipients YSU students who received scholarships from Byblos Bank Armenia gathered in a casual setting to meet with the Bank's CEO, Hayk Stepanyan. |