Three weeks ago on the 23rd of December 2013, a story was published in the Wall Street Journal (WSJ) regarding a vulnerability we uncovered on Samsung KNOX devices. We’ll begin with a little background about the vulnerability. We found that a malicious app (without ROOT) running in the non-secure area of a KNOX based device (for example, Samsung S4) can affect the network configuration (important settings) of the secure container.
News & Press
As part of our ongoing mobile security research we have uncovered a network vulnerability on Android devices which has serious implications for users using VPN. This vulnerability enables malicious apps to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure.
A man in the middle is a classic attack. If there was a popularity contest for attacks I would bet that MitM (Man-in-the-middle) would score one of the top three! To our readers who don't know how it works then it is basically a setup of two endpoints that communicate with each other (i,e, client server) and someone or something seats somewhere in between and starts eavesdropping and maybe even changing the communications on the go.
Here is a nice illustration:
The Cyber Security Research Center @ Ben-Gurion University is a new institution and such we are in the phase of defining our goals, core competences and performance indicators.
During our work we naturally encounter vulnerabilities and security related issues which present an immediate risk to specific organizations and/or the public. Deciding what to do with a vulnerability is not an easy decision since from the moment you know about it in a way you share the responsibility on might happen to the people that may be affected by it.
Today in the world there are several approaches, here is a brief summary on them:
Israel Defense, Prime Minister's Office National Cyber Bureau, Kenes Exhibitions, and Ben-Gurion University of the Negev are pleased to invite you to the International Exhibition & Conference for Cyber Solutions, which will bring together leading multi-national companies, over a hundred start-ups, private and corporate investors, venture capital firms, experts, clients and many more. The event will take place on Janurary 27-28.
Welcome to our new shiny blog! The cyber security labs of Ben Gurion university is located in Beer Sheva, the capital of the Negev which is the southern part of Israel and it was founded three months ago. Just to be clear, starting 3 months ago does not mean we are newbies.