Knox flaws give full control of Samsung Galaxy, Note devices

By

Researchers detail KNOXout attack.

Three major flaws in Samsung's KNOX mobile security platform for Android allow attackers to gain "full control" of Galaxy and Note 5 smartphones, Israeli researchers have discovered.

Knox flaws give full control of Samsung Galaxy, Note devices

Viral Security has posted a whitepaper and proof of concept for what the firm dubbed the KNOXout attack.

To succeed, the attack requires use of an existing write-what-where kernel vulnerability; in this case the researchers used CVE-2015-1805, a flaw in the processing of vectored pipes by the Linux kernel.

Attackers can then exploit three privilege escalation vulnerabilities within the Knox platform's real-time kernel protection to avoid its security mechanisms, execute their own code, and gain complete control of the phone.

The real-time kernel protection feature is responsible for defending against kernel exploits.

The researchers found it can be subverted to gain root privileges, and then disable additional kernel protections and load a custom, unsigned kernel module so the /system partition is remounted as writable.

"Malicious access to the system account can be used, for instance, to replace legitimate applications with rogue versions, with access to all available permissions, without the user’s notice," the researchers wrote.

Samsung told Wired the vulnerabilities had been patched in its May security update

It's the second time in a year researchers have uncovered weaknesses with the security platform. In May, Israeli researchers Uri Kanonov and Avishai Wool posted detail of three Knox and Android vulnerabilities, which, among other things, revealed security risks in sharing Knox services with user applications.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

WestJet probes cyber security incident

WestJet probes cyber security incident

Log In

  |  Forgot your password?