Critical Security Flaws Discovered in Samsung Knox Give Hackers Full Control of Android Devices

Rafia Shaikh
Posted Oct 3, 2016

It’s been an explosive month for Samsung, and apparently not just for its hardware. Security experts have revealed at least three vulnerabilities (CVE-2016-6584) in Samsung Knox that could give hackers “full control” of Samsung devices.

Security flaws discovered in Samsung Knox

Samsung Knox is Samsung’s umbrella term for a collection of security features built into the Android operating system on the company’s mobile devices. Samsung announced Knox in early 2013 as an end-to-end security solution for Android. Following earlier Tel Aviv research, Israeli security firm Viral Security Group has now disclosed three new privilege escalation vulnerabilities in a white paper published today. The flaws exist in a module called Real-time Kernel Protection, or TIMA RKP. RKP is responsible for defending the system against kernel exploits.

Knox is designed to enhance security of the operating system. However, the flaws allowed full control of the Samsung Galaxy S6 and Note 5 that were used during the testing process. The exploits required an existing flaw to work. Viral’s security research team used an existing kernel vulnerability known as a write-what-where flaw, CVE-2015-1805. The group clarified that “any such vulnerability can be used” to exploit the flaws.

“Once you have the existing vulnerability this one overcomes all of Samsung’s protection mechanisms and gives you complete control of the device,” the group’s founder told Wired. The team was then able to bypass RKP’s protections and execute their own code.

These vulnerabilities allowed complete control of the devices. “Malicious access to the system account can be used, for instance, to replace legitimate applications with rogue versions, with access to all available permissions, without the user’s notice,” the white paper said.

The group informed Samsung of these vulnerabilities earlier in the year, and they were patched in the May security update. Samsung says customers should keep their software and apps updated. However, older devices may remain at risk, as not many devices receive these security updates regularly.

Proof of concept repository | Whitepaper
