Advertisement
Tech by VICE

Hacker Says He Broke Through Samsung's Secure Smartphone Platform

When his rooting exploit worked on plenty of Android devices but failed on the Samsung Galaxy S7 Edge, researcher Di Shen decided to dig into KNOX.

by Joseph Cox
Jul 26 2017, 10:53pm

Image: Karlis Dambrans/Flickr

Beyond your normal Apple and Android devices exists a lively trade of specialized, security-focused smartphones. From the BlackPhone to custom BlackBerrys, these companies often promise more robust message communications and hardened devices.

That doesn't mean these phones are immune to hackers, however. In a presentation this week at Black Hat, one researcher will present how he thwarted the extra security mechanisms of Samsung's security-focused mobile platform KNOX. Although the vulnerabilities have already been fixed, the news still acts as a reminder that issues will likely exist in all pieces of software, even those designed specifically to be harder for hackers to penetrate.

Di Shen, a senior security researcher from research group Keen Lab, told Motherboard he started working on KNOX after discovering vulnerabilities that affected loads of Android devices, including Google Nexus, Huawei, and HTC phones back in 2016. The exploit also worked on a Samsung Galaxy S6, but curiously failed on the S7 Edge version.

"So I want to know why, and I believe there are some new exclusive kernel mitigations from Samsung KNOX. That is why I start to look at KNOX," he told Motherboard in a text message.

KNOX is a security platform available on Galaxy devices. It detects any tampering and provides more assurance that data is secure, according to Samsung's website. KNOX products are certified by 29 governments, and are also marketed towards business and enterprise customers, the website adds.

In short, Shen's exploit is a jailbreak, which removed the normal restrictions over installing new software or features. All a user needed to do was to download Shen's app, called KingRoot.

Shen said Samsung contacted him and asked for some technical details about the exploit, and asked whether the vulnerabilities have been fixed. Shen says Google fixed the issues in December.

Samsung did not respond to multiple requests for comment sent since last Thursday.

Get six of our favorite Motherboard stories every day by signing up for our newsletter.