In an unusual move, Google and Samsung have released a joint statement claiming that reported flaws in the KNOX mobile security software used in Galaxy S4 Android phones are not really flaws at all. Rather, the vulnerability revealed is a man-in-the-middle (MitM) attack, the companies said. In a technology context, a MitM attack is one in which a malicious party gains access to private communication for the purpose of stealing sensitive information. These attacks can occur\u00a0at any point in the network, and Samsung and Google assert that this does not necessarily reflect a flaw in either KNOX or Android.\u00a0<\/p>\n
The Flaw That Wasn’t<\/strong><\/p>\n Ben-Gurion University Researcher Mordechai Guri reported in late December that he had discovered a hole in the Samsung enterprise mobile security software KNOX, claiming that he had found a way by which an attacker could bypass protected and encrypted data by installing an app into an unsecured compartment of the mobile device. Google and Samsung counter that Guri’s discovery simply “demonstrated a classic man-in-the-middle (MitM) attack, which is possible at any point on the network to see unencrypted application data. This research did not identify a flaw or bug in Samsung KNOX or Android.”<\/p>\n Furthermore, the joint statement\u00a0says that while Guri uses “legitimate Android network functions in an unintended way to intercept unencrypted network connection,” no patch is called for, nor will one be forthcoming from either Google or Samsung.<\/p>\n