Samsung Knox

Knox
Developer(s): Samsung Group
Initial release: March 2013
Stable release: 3.10 / 29 October 2023[1]
Operating system: Android and Tizen
Website: www.samsungknox.com/en

Samsung Knox is a proprietary security and management framework pre-installed on most Samsung mobile devices. Its primary purpose is to provide organizations with a toolset for managing work devices, such as employee mobile phones or interactive kiosks.[2] Samsung Galaxy hardware, as well as software such as Secure Folder and Samsung Wallet, makes use of the Knox framework.[3][4]

Knox's features fall within three categories: data security, device manageability, and VPN capability.[5] Knox also provides web-based services for organizations to manage their devices. Organizations can customize their managed mobile devices by configuring various functions, including pre-loaded applications, settings, boot-up animations, home screens, and lock screens.[6]

Knox provides more granular control over the standard work profile to manage capabilities found only on Samsung devices.[7] As of December 2020, organizations can use specific Samsung mobile device cameras as barcode scanners, using Knox services to capture and analyze the data.[8]

Overview

Samsung Knox provides hardware and software security features that allow business and personal content to coexist on the same device. Knox integrates web services to assist organizations in managing fleets of mobile devices, which allows IT administrators to register new devices, identify a unified endpoint management (UEM) system, define the organizational rules that govern the use of devices, and upgrade device firmware over-the-air.[9] Developers can integrate these features with their applications using Knox SDKs and REST APIs.[10]

Services

Samsung Knox provides the following web-based services for organizations:

  • To manage mobile devices: Knox Suite, Knox Platform for Enterprise, Knox Mobile Enrollment, Knox Manage, and Knox E-FOTA.[9]
  • To customize and rebrand devices: Knox Configure[11]
  • To capture and analyze data: Knox Capture,[12] Knox Peripheral Management,[13] Knox Asset Intelligence[14]

Most services are registered and accessed through the Samsung Knox web consoles,[15] with some accessed through the Samsung Knox SDK.[16]

Knox Capture

Knox Capture uses a Samsung mobile device’s camera to capture all major barcode symbologies like UPC, Code 39, EAN, and QR. Through a web console, IT admins can manage the input, formatting, and output configuration of scanned barcode data, and associate a device app (for example, a web browser for QR data).[17]

Knox Asset Intelligence

Knox Asset Intelligence helps organizations improve the management, productivity, and lifecycle of mobile devices. Through a web console, IT admins can monitor device battery management, app usage insights, comprehensive device tracking, and detailed Wi-Fi analytics.[18]

Software

Container

When Samsung Knox debuted with the Galaxy Note 3 in 2013, it included a proprietary container feature that stored security-sensitive applications and data inside a protected execution environment.[19] Device users could switch between personal and business applications by tapping a Knox icon in the lower-left corner of the device screen.[20] The proprietary container, later called the Knox Workspace, was managed by organizations through a UEM system.[21]

Samsung then spun off consumer versions of the container feature, which did not require a UEM system to manage. These consumer versions included Personal Knox, later called My Knox starting in 2014. My Knox was replaced by Secure Folder in 2017.[22]

In 2018, Samsung partnered with Google to use its Android work profile to secure applications and data, and in 2019 deprecated the Knox Workspace container.[23] Samsung continues to pre-install the Secure Folder on most flagship mobile devices, but consumers must enable it for use.[24]

Samsung Real-Time Kernel Protection (RKP)

The Samsung RKP feature tracks kernel changes in real time, prevents the phone from booting, and displays a warning message about using "Unsecured" Samsung devices.[25] This feature is analogous to Android dm-verity/AVB and requires a signed bootloader.[26]

Security Enhancements for Android (SE for Android)

Although Android phones are already protected from malicious code or exploits by SE for Android and other features, Samsung Knox provides periodic updates that check for patches to further protect the system.[27]

Secure Boot

During Secure Boot, Samsung runs a pre-boot environment to check for a signature match on all operating system (OS) elements before booting into the main kernel. If an unauthorized change is detected, the e-fuse is tripped and the system's status changes from "Official" to "Custom".[28]

Other features

Several other features that facilitate enterprise use are incorporated in Samsung Knox, including Samsung KMS (SKMS) for eSE NFC services, Mobile device management (MDM), Knox Certificate Management (CEP), Single Sign-On (SSO), One Time Password (OTP), SIM PIN Management, Firmware-Over-The-Air (FOTA)[29] and Virtual Private Network (VPN).[30][31][32][33]

Since the release of Android Oreo, Samsung has patched the kernel to prevent root access from being granted to apps even after rooting was successful. This patch prevents unauthorized apps from changing the system and deters rooting.[34]

Hardware

Knox includes the built-in hardware security features ARM TrustZone (a technology similar to TPM) and a bootloader ROM.[35] Knox Verified Boot monitors and protects the phone during the booting process, along with Knox security built at a hardware level (introduced in Knox 3.3).[36]

e-Fuse

Rooted Samsung Galaxy S10e with tripped e-fuse

Samsung Knox devices use an e-fuse to indicate whether or not an "untrusted" (non-Samsung) boot path has ever been run. The e-fuse will be set in any of the following cases:

  • The device boots with a non-Samsung signed bootloader, kernel, kernel initialization script, or data.
  • The device is rooted.
  • Custom firmware is detected on the device (such as non-Samsung Android releases).

On Galaxy Book devices starting with the Galaxy Book 4, upgrading from one Windows version to another (from 22H2 to 23H2) will not set the e-fuse, but upgrading to a higher edition (from Home to Pro) will.

When set, the text "Set warranty bit: <reason>" appears. Once the e-fuse is set, a device can no longer create a Knox Workspace container or access the data previously stored in an existing Knox Workspace.[37] In the United States, this information may be used by Samsung to deny warranty service to devices that have been modified in this manner.[38] Voiding consumer warranties in this manner may be prohibited by the Magnuson–Moss Warranty Act of 1975, at least in cases where the phone's problem is not directly caused by rooting.[39] In addition to voiding the warranty, tripping the e-fuse also prevents some Samsung-specific apps from running, such as Secure Folder, Samsung Pay, Samsung Health, and Samsung Internet's secret mode (as well as certain Samsung apps preloaded on Galaxy Books).[citation needed] For some older versions of Knox, it may be possible to clear the e-fuse by flashing a custom firmware.[40]
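The behaviour described in the Secure Boot and e-fuse sections can be modelled in a few lines. The following is an added illustration, not Samsung code: the class names, stage names, image bytes and key are constructed, HMAC-SHA256 stands in for the vendor's signature check, and the fuse is modelled as set-only.

```python
import hashlib
import hmac

# Constructed demo key. Real secure boot checks an asymmetric signature against
# a key anchored in boot ROM; HMAC-SHA256 stands in so this runs offline.
VENDOR_KEY = b"constructed-demo-key"


def sign(image: bytes) -> bytes:
    """Tag a build system would attach to an image (stand-in for a signature)."""
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


class EFuse:
    """One-time-programmable bit, modelled as set-only (no clear operation)."""
    def __init__(self) -> None:
        self._blown = False

    def blow(self) -> None:
        self._blown = True

    @property
    def blown(self) -> bool:
        return self._blown


class Device:
    def __init__(self) -> None:
        self.fuse = EFuse()
        self.message = None

    @property
    def status(self) -> str:
        # The fuse decides the status, not the images currently installed.
        return "Custom" if self.fuse.blown else "Official"

    def boot(self, chain) -> bool:
        """Verify every (name, image, tag) stage; return True if all match.
        A mismatch blows the fuse. Whether the device then continues to boot
        is not modelled here.
        """
        all_ok = True
        for name, image, tag in chain:
            if not hmac.compare_digest(sign(image), tag):
                if not self.fuse.blown:
                    # Stage name used as the <reason>; a constructed value.
                    self.message = f"Set warranty bit: {name}"
                self.fuse.blow()
                all_ok = False
        return all_ok

    def can_open_workspace(self) -> bool:
        return not self.fuse.blown


def stock_chain():
    stages = [("bootloader", b"BL-1.0"), ("kernel", b"KERNEL-1.0"), ("init", b"INIT-1.0")]
    return [(name, image, sign(image)) for name, image in stages]


def demo():
    dev = Device()
    first = (dev.boot(stock_chain()), dev.status, dev.can_open_workspace())
    modified = stock_chain()
    name, _, tag = modified[1]
    modified[1] = (name, b"KERNEL-custom", tag)  # image changed, tag unchanged
    second = (dev.boot(modified), dev.status, dev.message)
    # Restoring the stock images verifies again, but the fuse stays set.
    third = (dev.boot(stock_chain()), dev.status, dev.can_open_workspace())
    return first, second, third
```

The third boot is the point of the model: the chain verifies again, yet the status stays "Custom" and the workspace stays closed, because the fuse records history rather than current state.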

Samsung DeX

Options to manage Samsung DeX were added in Knox 3.3 to allow or restrict access using the Knox platform for added control and security.[41]

Samsung Knox TIMA

Knox's TrustZone-based Integrity Measurement Architecture (TIMA) allows storage of keys in the container for certificate signing using the TrustZone hardware platform.[42]

Notable security mentions

In June 2014, the Defense Information Systems Agency's (DISA) list of approved products for sensitive but unclassified use included five Samsung devices.[43]

In October 2014, a security researcher discovered that Samsung Knox stores PINs in plain text rather than storing salted and hashed PINs and processing them by obfuscated code.[44]

In October 2014, the National Security Agency (NSA) approved Samsung Galaxy devices for use in a program for quickly deploying commercially available technologies. Approved products include Galaxy S4, Galaxy S5, Galaxy S6, Galaxy S7, Galaxy Note 3, and Galaxy Note 10.1 2014.[43]

In May 2016, Israeli researchers Uri Kanonov and Avishai Wool found three vulnerabilities in specific versions of Knox.[45]

In December 2017, Knox received "strong" ratings in 25 of 28 categories in a Gartner publication comparing device security strength of various platforms.[46]

References

  1. "Samsung Knox 3.10 released". Samsung Knox Team. 6 November 2023. Retrieved 23 July 2024.
  2. "Secure mobile platform and solutions". Samsung Knox. January 15, 2021. Archived from the original on December 23, 2020. Retrieved January 15, 2021.
  3. "Samsung Wallet | Apps". The Official Samsung Galaxy Site. Retrieved 2023-10-04.
  4. "Secure Folder". Samsung Knox. Retrieved 2023-10-04.
  5. "Samsung Knox Feature Summary". docs.samsungknox.com. Retrieved 2021-01-06.
  6. "8 Steps to Customizing Mobile Devices With Knox Configure". Samsung Business Insights. 2020-01-07. Retrieved 2021-01-06.
  7. "App Container | Knox Platform for Enterprise White Paper". docs.samsungknox.com. Retrieved 2021-01-07.
  8. Miller, Matthew. "Samsung Galaxy XCover Pro: Microsoft Teams Walkie Talkie experiences and Knox Capture release". ZDNet. Retrieved 2021-01-06.
  9. "Knox for Enterprise Mobility". Samsung Knox. Retrieved 2021-01-06.
  10. "Knox Developer Documentation". docs.samsungknox.com. Retrieved 2021-01-06.
  11. "Knox for Device Customization". Samsung Knox. Retrieved 2021-01-06.
  12. "Knox Capture". Samsung Knox. Retrieved 2021-01-06.
  13. "Peripherals Overview". Samsung Knox. Retrieved 2021-06-28.
  14. "Knox Asset Intelligence". Samsung Knox. Retrieved 2021-06-28.
  15. "Samsung Knox Documentation Ecosystem". docs.samsungknox.com. Retrieved 2021-01-06.
  16. "Samsung Knox Developer Documentation". docs.samsungknox.com. Retrieved 2021-06-28.
  17. "Samsung Knox Capture". docs.samsungknox.com. Retrieved 2021-06-28.
  18. "Samsung Knox Asset Intelligence". docs.samsungknox.com. Retrieved 2021-06-28.
  19. "New Samsung Galaxy Note 3 software features explained". Android Authority. 2013-09-04. Archived from the original on 2021-01-09. Retrieved 2021-01-07.
  20. Ziegler, Chris (2013-02-25). "Samsung Knox: a work phone inside your personal phone (hands-on)". The Verge. Retrieved 2021-01-07.
  21. "Evaluating top MDMs for Android and iOS". SearchMobileComputing. Retrieved 2021-01-07.
  22. "Samsung discontinues My Knox, urges users to switch to Secure Folder". Android Authority. 2017-06-02. Retrieved 2021-01-07.
  23. "What's new in Knox 3.4?". Samsung Knox. Retrieved 2021-01-07.
  24. "What is the Secure Folder and how do I use it?". Samsung uk. Retrieved 2021-01-07.
  25. "How we cracked Samsung's DoD- and NSA-certified Knox". ZDNet.
  26. "Samsung RKP".
  27. "What is SE for Android? | Samsung Support Philippines". Samsung ph. Retrieved 2021-01-04.
  28. Alendal, Gunnar; Dyrkolbotn, Geir Olav; Axelsson, Stefan (2018-03-01). "Forensics acquisition — Analysis and circumvention of samsung secure boot enforced common criteria mode". Digital Investigation. 24: S60–S67. doi:10.1016/j.diin.2018.01.008. hdl:11250/2723051. ISSN 1742-2876.
  29. "Samsung Enterprise Firmware-over-the-air".
  30. "Samsung SSO".
  31. "Samsung CEP".
  32. "Samsung OTP".
  33. "Samsung Knox VPN".
  34. "Disable DEFEX Security to Root Samsung Galaxy Devices on Oreo". 13 October 2018.
  35. "Root of Trust | Knox Platform for Enterprise Whitepaper". docs.samsungknox.com. Retrieved 2018-11-13.
  36. "vTZ: Virtualizing ARM TrustZone" (PDF).
  37. Ning, Peng (2013-12-04). "About CF-Auto-Root". Samsung. Archived from the original on 2015-09-05. The sole purpose of this fuse-burning action is to memorize that a kernel or critical initialization scripts or data that is not under Samsung's control has been put on the device. Once the e-fuse bit is burned, a Samsung KNOX-enabled device can no longer create a KNOX Container or access the data previously stored in an existing KNOX Container.
  38. "Just how does Knox warranty void efuse burning work?". XDA Developers Forums. 28 June 2016. Retrieved 2021-01-05.
  39. Koebler, Jason (2016-08-17). "Companies Can't Legally Void the Warranty for Jailbreaking or Rooting Your Phone". Motherboard. Retrieved 2018-10-27.
  40. "Disable Knox on Samsung Galaxy Devices [4 Ways] | Android More". AndroidMore. Archived from the original on 2021-01-05. Retrieved 2020-12-14.
  41. "Samsung DeX | Apps & Services | Samsung IN". Samsung India. Retrieved 2021-01-04.
  42. "Samsung TIMA Keystores".
  43. Ribeiro, John (2014-10-21). "NSA approves Samsung Knox devices for government use". PCWorld. Retrieved 2018-10-27.
  44. Mimoso, Michael (2014-10-24). "NSA-Approved Samsung Knox Stores PIN in Cleartext". Threatpost. Retrieved 2018-10-27.
  45. Forrest, Conner (2016-05-31). "Samsung Knox isn't as secure as you think it is". TechRepublic. Retrieved 2018-10-27.
  46. "Introduction | Knox Platform for Enterprise Whitepaper". docs.samsungknox.com. Retrieved 2018-11-13.
