Security researchers from the Israeli Viral Security Group identified three serious vulnerabilities in the Samsung Knox function which allows hackers to gain full control of the compromised devices.
Samsung Knox is Dangerous
Samsung Knox has been identified as being extremely dangerous, even though the company has devised it as a security enhancing feature. Experts from the Israeli company Viral Security Group discovered three distinct issues in the feature that allows remote control of two devices – Samsung Galaxy S6 and Galaxy Note 5 which were used for tests.
The research team detailed their findings in a paper along with proof of concept information. The attack used several privilege escalation vulnerabilities that bypass the Knox’s Real-Time Kernel Protection. To get around this security feature the researchers use another security issue – CVE-2015-1895, also known as a “write-what-where vulnerability”. When the kernel is breached, the researchers are given the ability to explore the protection mechanisms.
This set of exploits overcomes all Samsung protection mechanisms and gives the attackers full remote control access to the target devices. The researchers have been able to execute their own arbitrary code at a low system level, giving them the potential to unleash devastating attacks. The consequences allow for several scenarios which the criminals can utilise:
- The replacement of legitimate applications with rogue versions
- Accessing data from the applications
- Eavesdropping on the users
- Rooting of the device
Samsung has said that customers should keep their software and mobile applications updated. The issues were fixed in the recent security updates issued by the company.