Virtualization is an important development in the fight against malware. In virtualization, activities are isolated from one another in “containers” so that if an activity is evil, the evil is isolated to that container.  This security approach is also known as sandboxing.

In another demonstration of the important cybersecurity maxim of Dr. Frederick Chang, former NSA Director of Research:

… cybersecurity is fundamentally about an adversarial engagement. Humans must defend machines that are attacked by other humans using machines.

the humans at Samsung developed Knox as a way to segregate processes into containers on secure cell phones.  By segregating processes, bad guys are supposed to be unable to access the protected functions of the phone.  Ph.D. student Mordechai Guri, a human at Ben-Gurion University of the Negev, has found a way to defeat Knox.  He reports:

The Knox architecture features a regular phone environment as well as a secure container that is supposed to add security protection to the phone. All data and communications that take place within the secure container are protected and even if a malicious application should attack the non-secure part all the protected data should be inaccessible under all circumstances. However, the newly found breach can be used to bypass all Knox security measures. By simply installing an “innocent” app on the regular phone (in the non-secure container) all communications from the phone can be captured and exposed.

How does an attacker install an “innocent” app? In the realm of state-affiliated cyberespionage, the answer is spearphishing. Spearphishing is a direct human-to-human engagement in cyberspace. In spearphishing, the attacker attacks the systems through the human defenders by sending them highly targeted emails. These emails deceive the defender into compromising his system. The FBI calls spearphishing the #1 attack method.

Humans’ email decisions can compromise security.  IT needs to help employees make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at 408-727-6342, ext. 3, or use our online form.