LGS Innovations Discovers Samsung Mobile Product Security Vulnerability
Samsung Notified Immediately for Timely Remediation
With many organizations instituting BYOD (bring your own device) programs, mobile security is becoming an issue of increasing importance. The impact of a breach in a personal device has the potential to be as devastating as it would be if a network device was compromised.
LGS Innovations has a long-standing commitment to cybersecurity and a 75-year history of solving the toughest communications and network issues our customers face. Our Cyber Solutions organization is dedicated to researching and developing a security analysis framework that can uncover vulnerabilities in mobile and desktop-based systems. The security framework consists of dynamic and static analysis tools that allow our engineers and scientists to perform assisted and automated analysis of mobile and desktop applications.
Our cyber-focused research led to a recent software vulnerability discovery, which resulted in the remediation of a potentially damaging zero-day remote access vulnerability in Samsung SDS’s IAM (Identity Access Management) & EMM (Enterprise Mobility Management) software. By exploiting vulnerability in the software’s update process, malicious code could have been injected into a Samsung Knox container without the user’s knowledge.
Knox containers act as a segregated secure data storage and application environment and allow for controlled access to critical information. Once the custom written software was in the container, user data could be modified and exfiltrated off the device. The vulnerability also left open the possibility for the injected software to masquerade as trusted user applications, capturing login credentials and deceiving users into revealing sensitive information that could allow an attacker to gain access to other secure systems.
“Fighting information security threats requires vigilance on all fronts, at every layer of the system stack,” said Kevin Kelly, CEO of LGS Innovations. “It’s not just about securing the physical device or network access, but also understanding the less defined boundaries where these layers meld together and expose new threats. At LGS Innovations, our engineers take pride in understanding the complex challenges associated with this blurring divide and are constantly researching and developing new techniques to secure our mobile information-centric future.”
LGS responsibly disclosed the vulnerability to Samsung’s security team in March 2017. Assigned a high security risk rating, the vulnerability was further investigated by Samsung and quickly patched (April 2017) to ensure that mobile devices and the users and organizations they ultimately support were not left open to attack.
The LGS Innovations Cyber Solutions organization serves as a cybersecurity technology development and test facility for the systems, tools, technologies, and processes that support cyber-related applications. We have a team of highly motivated and creative electrical engineers, physicists, computer scientists, and cyber engineers to help us investigate security-related technologies related to modern communications networks. Our established and extensive track record of successes in advancing the security of our nation’s networks has been focused particularly on network assurance, reverse engineering, machine/deep learning, network reconnaissance, fingerprinting, anonymous network communication, privacy/anonymity algorithms, IoT security, and network architecture, design, and implementation.
About LGS Innovations
LGS Innovations is a technology company delivering mission-critical communications products, R&D, and supporting services to U.S. defense, intelligence, and civilian agencies and commercial customers around the world. We create advanced solutions in wireless communications, cybersecurity, signals processing and analysis, optical networking, photonics, routing and switching, and spectrum management. These solutions drive mission success in Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR), cyberspace operations, and network assurance. LGS Innovations is headquartered in Herndon, Virginia, with offices across the U.S. and overseas. We employ over 1,000 associates around the world, including 750 scientists and engineers. LGS Innovations: Listen. Innovate. Deliver. www.lgsinnovations.com.