Samsung Knox

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Samsung Knox
Developer(s) Samsung Group
Operating system Android
Website samsungknox.com

Samsung Knox (stylized Samsung KNOX) is an enterprise mobile security solution.

Services[edit]

Samsung Knox provides security features that enable business and personal content to coexist on the same handset. The user presses an icon that switches from Personal to Work use with no delay or reboot wait time.[1] The manufacturer has claimed this feature will be fully compatible with Android and Google and will provide full separation of work and personal data on mobile devices and "addresses all major security gaps in Android."[2]

The Knox service is part of the company's "Samsung Approved For Enterprise" (SAFE) offerings for smartphones and tablets. Samsung Knox’s primary competitor is Blackberry Balance, a service that separates personal and work data. The name, Samsung Knox, is derived from Fort Knox.[3]

In October 2014, U.S National Security Agency (NSA) approved Samsung Galaxy devices under a program for quickly deploying commercially available technologies. Approved products include Galaxy S4, Galaxy S5, Galaxy Note 3, Galaxy Note 10.1 2014.[4]

In June 2014, five Samsung devices were included in the list of approved products for sensitive but unclassified use by the Defense Information Systems Agency (DISA) of the Department of Defense, which certifies commercial technology for defense use.[5]

Security[edit]

In October 2014, a security researcher discovered that Samsung Knox stores PIN in plain-text instead of storing salted and hashed PIN (or better, using PBKDF2) and precessed it by obfuscated code.[6]

e-fuse[edit]

Samsung Knox devices use an e-fuse to indicate whether or not an "untrusted" (non-Samsung) boot path has ever been run. The e-fuse will be set if the device is booted with a non-Samsung boot loader, kernel, kernel initialization script or data. Rooting the device and installing a non-Samsung Android release will therefore set the e-fuse. Once the e-fuse is set, a device can no longer create a KNOX Container, or access the data previously stored in an existing KNOX Container.[7] This information may be used by Samsung to deny warranty service, in the United States, to devices that have been modified in this manner.[8] For some devices it is possible to clear the e-fuse by flashing a custom firmware.[9]

References[edit]

  1. ^ Ray Shaw (March 23, 2013). "Samsung Knox™ BlackBerry off Balance". IT Wire. Retrieved 21 April 2013. 
  2. ^ David Goldman (March 12, 2013). "Samsung targets BlackBerry with Knox". CNN Money. 
  3. ^ Hubert Nguyen (February 25, 2013). "Samsung KNOX Provides Privacy To BYODUsers". UberGizmo. Retrieved 21 April 2013. 
  4. ^ John Ribeiro (October 21, 2014). "NSA approves Samsung Knox devices for government use". computerworld. Retrieved 22 October 2014. 
  5. ^ John Ribeiro (October 21, 2014). "NSA approves Samsung Knox devices for government use". pcworld. Retrieved 22 October 2014. 
  6. ^ "NSA-Approved Samsung Knox Stores PIN in Cleartext". threatpost. October 24, 2014. Retrieved 3 December 2014. 
  7. ^ Peng Ning (2013-12-04). "About CF-Auto-Root". Samsung. The sole purpose of this fuse-burning action is to memorize that a kernel or critical initialization scripts or data that is not under Samsung’s control has been put on the device. Once the e-fuse bit is burned, a Samsung KNOX-enabled device can no longer create a KNOX Container, or access the data previously stored in an existing KNOX Container. 
  8. ^ Chainfire (2013-10-09). "More on KNOX warranty void". Service center instructions are indeed that devices with this status tripped will not receive any warranty repairs. (Of course, the action they take may still depend on the service center). Their excuse is that the hardware is damaged by the owner. 
  9. ^ "A few things on knox". XDA Developers. This has been tested & working on Note 3 N900/Exynos on KitKat ND1 firmware which was on official status without root but Knox triggered, The file was flashed using Odin and after flashing I went into download mode and to my surprise Knox was been reset from 0x1 to 0 

External links[edit]