Friday 10 January 2014

Samsung responds to Knox vulnerability allegations

The Samsung Knox security software package is steadily gaining popularity among enterprise businesses. And while the US Department of Defense was considering using the Knox-protected Galaxy S4 for its employees, cyber security researchers at Ben-Gurion University of the Negev in Israel discovered a serious vulnerability.

According to the researchers, the problem not only exposes vital email and communication data, but also allows hackers to insert malicious code by using it. Samsung immediately denied all potential vulnerabilities, but launched an investigation anyway.

The investigation is now over and Samsung says it was able to verify the exploit and has intercepted vital data. As it turns out, though, this is not a flaw in the Knox software, but a classic Man in the Middle attack, possible because of a user's omission while configuring the Knox security feature.

Here's Samsung's official description of the matter and some tips on how to avoid it. Samsung will be sending messages to Knox users with the following guidelines too.

"This research did not identify a flaw or bug in Samsung KNOX or Android; it demonstrated a classic Man in the Middle (MitM) attack, which is possible at any point on the network to see unencrypted application data. The research specifically showed this is also possible via a user-installed program, reaffirming the importance of encrypting application data before sending it to the Internet. Android development practices encourage that this be done by each application using SSL/TLS. Where that is not possible (for example, to support standards-based unencrypted protocols, such as HTTP), Android provides built-in VPN and support for third-party VPN solutions to protect data. Use of either of those standard security technologies would have prevented an attack based on a user-installed local application."

"KNOX offers additional protections against MitM attacks. Below is a more detailed description of the mechanisms that can be configured on Samsung KNOX devices to protect against them:"

    Mobile Device Management — MDM is a feature that ensures that a device containing sensitive information is set up correctly according to an enterprise-specified policy and is available in the standard Android platform. KNOX enhances the platform by adding many additional policy settings, including the ability to lock down security-sensitive device settings. With an MDM-configured device, when the attack tries to change these settings, the MDM agent running on the device would have blocked them. In that case, the exploit would not have worked.

    Per-App VPN — The per-app VPN feature of KNOX allows traffic only from a designated and secured application to be sent through the VPN tunnel. This feature can be selectively applied to applications in containers, allowing fine-grained control over the trade-off between communication overhead and security.

    FIPS 140-2 — KNOX implements a FIPS 140-2 Level 1 certified VPN client, a National Institute of Standards and Technology standard for data-in-transit protection, along with NSA Suite B cryptography. The FIPS 140-2 standard applies to all federal agencies that use cryptographically strong security systems to protect sensitive information in computer and telecommunication systems. Many enterprises today deploy this cryptographically strong VPN support to protect against data-in-transit attacks.

So, as it turns out, there is no reason to lose sleep over your Knox-secured device - your data remains safe with it.
