The Samsung Galaxy S4 smartphone has serious security flaws that could be easily exploited, said Israeli researchers.
Researchers with Ben-Gurion University of the Negev said that there’s a “critical vulnerability in highly secure Samsung mobile devices which are based on the Knox architecture.”
“The breach, researchers believe, enables easy interception of data communications between the secure container and the external world including file transfers, emails and browser activity,” the university said. It means that hackers could intercept e-mails and other data contained within the phone.
“To us, Knox symbolizes state-of-the-art in terms of secure mobile architectures and I was surprised to find that such a big ‘hole’ exists and was left untouched,” Mordechai Guri, a Ph.D. student at the university, said in the release.
“The Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands,” he added. “We are also contacting Samsung in order to provide them with the full technical details of the breach so it can be fixed immediately.”
According to the Wall Street Journal, a spokesperson with Samsung said it is investigating the researchers’ claims. The spokesperson said the company does not believe the problem is as serious as the university claims, but added that the company “takes all security vulnerability claims very seriously.”
“Rest assured, the core Knox architecture cannot be compromised or infiltrated by such malware,” the spokesperson said.
Lt. Col. Damien Pickart, a U.S. Department of Defense spokesman, told the Journal that no device will be used by the Pentagon until it’s proven to be secure. “They have not been deployed and remain in testing,” he said.
The Galaxy S4 is considered among the world’s most popular smartphones and Samsung said that more than 10 million of the devices were sold in the first month after it was unveiled.
In early December, Samsung said there was a security vulnerability for its Note 3 phones, and it released a patch to fix it. The vulnerability, it said, posed a “threat to the integrity of Knox-enabled devices.”