Samsung Knox

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Samsung Knox
Samsung Knox.png
Developer(s)Samsung Group
Initial releaseMarch 2013 (2013-03)
Stable release
3.2.1 / 7 January 2019; 2 months ago (2019-01-07)[1]
Operating systemAndroid and Tizen

Samsung Knox is an enterprise mobile security solution pre-installed in most of Samsung's smartphones, tablets, and wearables.[2] The following devices support the Knox Platform.[3]


Samsung Knox provides a list of security features – both hardware and software – that enable business and personal content to coexist on the same handset.


One feature – named the Knox Workspace app container [4] – allows a user to press an icon that switches immediately between Personal and Work mode with no reboot required.[5] The manufacturer has claimed this feature will be fully compatible with Android and Google and will provide full separation of work and personal data on mobile devices and "addresses all major security gaps in Android."[6]


Knox features hardware security features that are built into the device at the factory, including: ARM TrustZone (a technology similar to TPM) and a bootloader ROM.[7]


Samsung Knox devices also use an e-fuse to indicate whether or not an "untrusted" (non-Samsung) boot path has ever been run. The e-fuse will be set if the device is booted with a non-Samsung bootloader, kernel, kernel initialization script or data. Rooting the device and installing a non-Samsung Android release will, therefore, set the e-fuse. Once the e-fuse is set, a device can no longer create a Knox Workspace container, or access the data previously stored in an existing Knox Workspace.[8] This information may be used by Samsung to deny warranty service, in the United States, to devices that have been modified in this manner.[9] This is the case even though, in the United States, voiding of consumer warranties in this manner may be prohibited by the Magnuson–Moss Warranty Act of 1975, at least in cases where the phone's problem is not directly caused by rooting.[10] For some older versions of Knox, it may be possible to clear the e-fuse by flashing a custom firmware.[11]

Notable Security mentions[edit]

In October 2014, a security researcher discovered that Samsung Knox stores PIN in plain-text instead of storing salted and hashed PIN (or better, using PBKDF2) and precessed it by obfuscated code.[12]

In October 2014, U.S National Security Agency (NSA) approved Samsung Galaxy devices under a program for quickly deploying commercially available technologies. Approved products include Galaxy S4, Galaxy S5, Galaxy S6, Galaxy S7, Galaxy Note 3, Galaxy Note 10.1 2014.[13]

In June 2014, five Samsung devices were included in the list of approved products for sensitive but unclassified use by the Defense Information Systems Agency (DISA) of the Department of Defense, which certifies commercial technology for defense use.[13]

In May 2016, Israeli researchers, Uri Kanonov and Avishai Wool, found three key vulnerabilities existing in specific versions of Knox.[14]

In December 2017, Knox received strong ratings in 25 of 28 categories in Gartner’s December 2017 Mobile OSs and Device Security: A Comparison of Platforms.[15]

In June 2017, Samsung discontinued My Knox and urged users to switch to an alternate product, Secure Folder.[16]

Android Enterprise[edit]

On March 5, 2018, Samsung announced devices running Knox 3.0 and above integrate seamlessly with similar Android Enterprise features.[17]


  1. ^ "What's new in Knox 3.2?". Samsung Knox. 15 March 2018.
  2. ^ "Knox Platform for Enterprise White Paper". Samsung Knox. Samsung. 2018-09-12. Retrieved 2018-10-31.
  3. ^ "Devices built on Knox | Samsung Knox". Retrieved 2018-11-13.
  4. ^ "App Container | Knox Platform for Enterprise Whitepaper". Retrieved 2018-11-13.
  5. ^ Shaw, Ray (2013-03-23). "iTWire - Samsung Knox™ BlackBerry off Balance". iTWire. Retrieved 2018-10-27.
  6. ^ Goldman, David (2013-03-12). "Samsung targets BlackBerry with Knox". CNNMoney. Retrieved 2018-10-27.
  7. ^ "Root of Trust | Knox Platform for Enterprise Whitepaper". Retrieved 2018-11-13.
  8. ^ Peng Ning (2013-12-04). "About CF-Auto-Root". Samsung. The sole purpose of this fuse-burning action is to memorize that a kernel or critical initialization scripts or data that is not under Samsung's control has been put on the device. Once the e-fuse bit is burned, a Samsung KNOX-enabled device can no longer create a KNOX Container, or access the data previously stored in an existing KNOX Container.
  9. ^ Chainfire (2013-10-09). "More on KNOX warranty void". Service center instructions are indeed that devices with this status tripped will not receive any warranty repairs. (Of course, the action they take may still depend on the service center). Their excuse is that the hardware is damaged by the owner.
  10. ^ Koebler, Jason (2016-08-17). "Companies Can't Legally Void the Warranty for Jailbreaking or Rooting Your Phone". Motherboard. Retrieved 2018-10-27.
  11. ^ "A few things on knox / rooting and bootloaders that need more testing / development - Post #76". Retrieved 2018-10-27.
  12. ^ Mimoso, Michael (2014-10-24). "NSA-Approved Samsung Knox Stores PIN in Cleartext". Threatpost. Retrieved 2018-10-27.
  13. ^ a b Ribeiro, John (2014-10-21). "NSA approves Samsung Knox devices for government use". PCWorld. Retrieved 2018-10-27.
  14. ^ Forrest, Conner (2016-05-31). "Samsung Knox isn't as secure as you think it is". TechRepublic. Retrieved 2018-10-27.
  15. ^ "Introduction | Knox Platform for Enterprise Whitepaper". Retrieved 2018-11-13.
  16. ^ Rutnik, Mitja (2017-06-02). "Samsung discontinues My Knox, urges users to switch to Secure Folder". Android Authority. Retrieved 2018-10-27.
  17. ^ "Android Enterprise and Samsung Knox: Your questions answered here". Samsung Knox. 2018-02-24. Retrieved 2018-10-27.

External links[edit]