Knox #5 Nib Review Jowo Oblique Double Broad
Programmer(s) | Samsung Grouping |
---|---|
Initial release | March 2013 (2013-03) |
Stable release | 3.eight / 23 Nov 2021 (2021-11-23) [1] |
Operating organisation | Android and Tizen |
Website | www |
Samsung Knox is a proprietary security and management framework pre-installed on nigh Samsung mobile devices. Its primary purpose is to provide organizations with a toolset for managing piece of work devices, such as employee mobile phones or interactive kiosks.[2] Knox provides more than granular control over the standard piece of work contour to manage capabilities institute only on Samsung devices.[three]
Knox'southward features fall inside 3 categories: information security, device manageability, and VPN adequacy.[4] Knox also provides web-based services for organizations to manage their devices. Organizations can customize their managed mobile devices past configuring various functions, including pre-loaded applications, settings, boot-upwardly animations, dwelling house screens, and lock screens.[5]
As of December 2020, organizations can utilize specific Samsung mobile device cameras as barcode scanners, using Knox services to capture and analyze the data.[6]
Overview [edit]
Samsung Knox provides hardware and software security features that allow concern and personal content to coexist on the aforementioned device. Knox integrates web services to assistance organizations in managing fleets of mobile devices, which allows IT administrators to register new devices, identify a Unified Endpoint Direction (UEM) system,[seven] define the organizational rules that govern the utilise of devices, and upgrade device firmware over-the-air.[8] Developers tin integrate these features with their applications using Knox SDKs and Residuum APIs.[9]
Services [edit]
Samsung Knox provides the post-obit web-based services for organizations:
- To manage mobile devices: Knox Suite, Knox Platform for Enterprise, Knox Mobile Enrollment, Knox Manage, and Knox E-FOTA.[8]
- To customize and rebrand devices: Knox Configure[10]
- To capture and clarify data: Knox Capture,[eleven] Knox Peripheral Management,[12] Knox Asset Intelligence[13]
Near services are registered and accessed through the Samsung Knox web consoles,[14] with some accessed through the Samsung Knox SDK.[fifteen]
Knox Capture [edit]
Knox Capture uses a Samsung mobile device'southward photographic camera to capture all major barcode symbologies like UPC, Lawmaking 39, EAN, and QR. Through a spider web console, It admins can manage the input, formatting, and output configuration of scanned barcode data, and associate a device app (for example, an Internet browser for QR data).[16]
Knox Asset Intelligence [edit]
Knox Asset Intelligence helps organizations amend the management, productivity, and lifecycle of mobile devices. Through a web console, It admins can monitor device bombardment management, app usage insights, comprehensive device tracking, and detailed Wi-Fi analytics.[17]
Software [edit]
Container [edit]
When Samsung Knox debuted with the Galaxy S3 in 2013, information technology included a proprietary container feature that stored security-sensitive applications and data inside a protected execution surround.[18] Device users could switch between personal and concern applications by tapping a Knox icon in the lower-left corner of the device screen.[nineteen] The proprietary container, later called the Knox Workspace, was managed by organizations through a UEM organisation.[20]
Samsung then spun off consumer versions of the container feature, which did not require a UEM organisation to manage. These consumer versions included Personal Knox, later called My Knox starting in 2014. My Knox was replaced past Secure Folder in 2017.[21]
In 2018, Samsung partnered with Google to use its Android work contour to secure applications and data, and in 2019 deprecated the Knox Workspace container.[22] Samsung continues to pre-install the Secure Folder on virtually flagship mobile devices, but consumers must enable it for apply.[23]
Samsung Real-Time Kernel Protection (RKP) [edit]
The Samsung RKP feature tracks kernel changes in real-time and prevents the phone from booting, besides as displaying a warning message about using "Unsecured" Samsung devices.[24] This feature is coordinating to Android dm-verity/AVB and requires a signed bootloader.[25]
Security Enhancements for Android (SE for Android) [edit]
Although Android phones are already protected from malicious lawmaking or exploits by SE for Android and other features, Samsung Knox provides periodic updates that check for patches to farther protect the system.[26]
Secure Boot [edit]
During Secure Boot, Samsung runs a pre-boot environment to bank check for a signature match on all operating arrangement (Os) elements before booting in the primary kernel. If an unauthorized change is detected, the due east-fuse is tripped and the system's condition changes from "Official" to "Custom".[27]
Other features [edit]
Several other features that facilitate enterprise use are incorporated in Samsung Knox, including Samsung KMS (SKMS) for eSE NFC services, Mobile device management (MDM), Knox Certificate Direction (CEP), Single Sign-On (SSO), One Time Countersign (OTP), SIM Pin Management, Firmware-Over-The-Air (FOTA)[28] and Virtual Private Network (VPN).[29] [30] [31] [32]
Samsung has patched the kernel to prevent root access from existence granted to apps even afterwards rooting was successful since the release of Android Oreo. This patch prevents unauthorized apps from changing the organisation and deters rooting.[33]
Hardware [edit]
Knox includes congenital-in hardware security features ARM TrustZone (a applied science similar to TPM) and a bootloader ROM.[34] Knox Verified Boot monitors and protects the telephone during the booting process, forth with Knox security built at a hardware level (introduced in Knox three.3).[35]
e-Fuse [edit]
Samsung Knox devices use an due east-fuse to betoken whether or not an "untrusted" (non-Samsung) boot path has ever been run. The e-fuse will be set if the device boots with a non-Samsung signed bootloader, kernel, kernel initialization script, or information. When fix, the text "Ready warranty scrap: <reason>" appears. Rooting the device or flashing a not-Samsung Android release also sets the e-fuse. Once the eastward-fuse is prepare, a device tin can no longer create a Knox Workspace container or access the data previously stored in an existing Knox Workspace.[36] In the Us, this information may exist used by Samsung to deny warranty service to devices that have been modified in this manner.[37] Voiding consumer warranties in this manner may be prohibited by the Magnuson–Moss Warranty Human action of 1975, at least in cases where the phone'due south problem is non directly caused by rooting.[38] In addition to voiding the warranty, tripping the due east-fuse also prevents some Samsung-specific apps from running, such as Secure Folder, Samsung Pay, Samsung Health, and Samsung Browser's cloak-and-dagger style. For some older versions of Knox, it may be possible to clear the east-fuse by flashing a custom firmware.[39]
Samsung DeX [edit]
Options to manage Samsung DeX were added in Knox 3.3 to allow or restrict admission using the Knox platform for added control and security.[40]
Samsung Knox TIMA [edit]
Knox's TrustZone-based Integrity Measurement Architecture (TIMA) allows storage of keys in the container for document signing using the TrustZone hardware platform.[41]
Notable security mentions [edit]
In June 2014, the Defence force Information Systems Agency'southward (DISA) list of canonical products for sensitive but unclassified employ included v Samsung devices.[42]
In Oct 2014, a security researcher discovered that Samsung Knox stores PINs in plain text rather than storing salted and hashed PINs and processing them past obfuscated code.[43]
In October 2014, the U.S National Security Bureau (NSA) approved Samsung Milky way devices for employ in a program for quickly deploying commercially available technologies. Approved products include Galaxy S4, Galaxy S5, Galaxy S6, Milky way S7, Galaxy Note three, and Milky way Note 10.ane 2014.[42]
In May 2016, Israeli researchers Uri Kanonov and Avishai Wool found three vulnerabilities in specific versions of Knox.[44]
In Dec 2017, Knox received "strong" ratings in 25 of 28 categories in a Gartner publication comparing device security strength of various platforms.[45]
References [edit]
- ^ "What's new in Knox 3.eight". Samsung Knox Squad. 23 Nov 2021. Retrieved December nineteen, 2021.
- ^ "Secure mobile platform and solutions". Samsung Knox. January 15, 2021. Archived from the original on December 23, 2020. Retrieved January 15, 2021.
- ^ "App Container | Knox Platform for Enterprise White Paper". docs.samsungknox.com . Retrieved 2021-01-07 .
- ^ "Samsung Knox Characteristic Summary". docs.samsungknox.com . Retrieved 2021-01-06 .
- ^ "8 Steps to Customizing Mobile Devices With Knox Configure". Samsung Business Insights. 2020-01-07. Retrieved 2021-01-06 .
- ^ Miller, Matthew. "Samsung Milky way XCover Pro: Microsoft Teams Walkie Talkie experiences and Knox Capture release". ZDNet . Retrieved 2021-01-06 .
- ^ codeproof.com. "Samsung Knox Mobile Enrollment (KME) enrollment". Codeproof . Retrieved 2021-08-18 .
- ^ a b "Knox for Enterprise Mobility". Samsung Knox . Retrieved 2021-01-06 .
- ^ "Knox Programmer Documentation". docs.samsungknox.com . Retrieved 2021-01-06 .
- ^ "Knox for Device Customization". Samsung Knox . Retrieved 2021-01-06 .
- ^ "Knox Capture". Samsung Knox . Retrieved 2021-01-06 .
- ^ "Peripherals Overview". Samsung Knox . Retrieved 2021-06-28 .
- ^ "Knox Asset Intelligence". Samsung Knox . Retrieved 2021-06-28 .
- ^ "Samsung Knox Documentation Ecosystem". docs.samsungknox.com . Retrieved 2021-01-06 .
- ^ "Samsung Knox Developer Documentation". docs.samsungknox.com . Retrieved 2021-06-28 .
- ^ "Samsung Knox Capture". docs.samsungknox.com . Retrieved 2021-06-28 .
- ^ "Samsung Knox Asset Intelligence". docs.samsungknox.com . Retrieved 2021-06-28 .
- ^ "New Samsung Milky way Note 3 software features explained". Android Say-so. 2013-09-04. Retrieved 2021-01-07 .
- ^ Ziegler, Chris (2013-02-25). "Samsung Knox: a work phone inside your personal phone (hands-on)". The Verge . Retrieved 2021-01-07 .
- ^ "Evaluating top MDMs for Android and iOS". SearchMobileComputing . Retrieved 2021-01-07 .
- ^ "Samsung discontinues My Knox, urges users to switch to Secure Folder". Android Authority. 2017-06-02. Retrieved 2021-01-07 .
- ^ "What'due south new in Knox three.four?". Samsung Knox . Retrieved 2021-01-07 .
- ^ "What is the Secure Folder and how do I employ it?". Samsung britain . Retrieved 2021-01-07 .
- ^ "How we cracked Samsung'due south DoD- and NSA-certified Knox". ZDNet.
- ^ "Samsung RKP".
- ^ "What is SE for Android? | Samsung Back up Philippines". Samsung ph . Retrieved 2021-01-04 .
- ^ "Forensics acquisition — Analysis and circumvention of samsung secure boot enforced common criteria mode". Digital Investigation. 24: S60–S67. 2018-03-01. doi:10.1016/j.diin.2018.01.008. hdl:11250/2723051. ISSN 1742-2876.
- ^ "Samsung Enterprise Firmware-over-the-air".
- ^ "Samsung SSO".
- ^ "Samsung CEP".
- ^ "Samsung OTP".
- ^ "Samsung Knox VPN".
- ^ "Disable DEFEX Security to Root Samsung Galaxy Devices on Oreo".
- ^ "Root of Trust | Knox Platform for Enterprise Whitepaper". docs.samsungknox.com . Retrieved 2018-11-13 .
- ^ "vTZ: Virtualizing ARM TrustZone" (PDF).
{{cite spider web}}
: CS1 maint: url-status (link) - ^ Ning, Peng (2013-12-04). "Well-nigh CF-Automobile-Root". Samsung. Archived from the original on 2015-09-05.
The sole purpose of this fuse-burning activeness is to memorize that a kernel or critical initialization scripts or data that is not under Samsung'south command has been put on the device. Once the e-fuse bit is burned, a Samsung KNOX-enabled device tin no longer create a KNOX Container or access the information previously stored in an existing KNOX Container.
- ^ "Just how does Knox warranty void efuse burning work?". XDA Developers Forums . Retrieved 2021-01-05 .
- ^ Koebler, Jason (2016-08-17). "Companies Tin't Legally Void the Warranty for Jailbreaking or Rooting Your Phone". Motherboard . Retrieved 2018-10-27 .
- ^ "Disable Knox on Samsung Galaxy Devices [4 Ways] | Android More". AndroidMore . Retrieved 2020-12-14 .
- ^ "Samsung DeX | Apps & Services | Samsung IN". Samsung Bharat . Retrieved 2021-01-04 .
- ^ "Samsung TIMA Keystores".
- ^ a b Ribeiro, John (2014-10-21). "NSA approves Samsung Knox devices for regime use". PCWorld . Retrieved 2018-10-27 .
- ^ Mimoso, Michael (2014-10-24). "NSA-Canonical Samsung Knox Stores Pin in Cleartext". Threatpost . Retrieved 2018-10-27 .
- ^ Forrest, Conner (2016-05-31). "Samsung Knox isn't as secure every bit you retrieve it is". TechRepublic . Retrieved 2018-10-27 .
- ^ "Introduction | Knox Platform for Enterprise Whitepaper". docs.samsungknox.com . Retrieved 2018-11-13 .
External links [edit]
- Official website
Source: https://en.wikipedia.org/wiki/Samsung_Knox
0 Response to "Knox #5 Nib Review Jowo Oblique Double Broad"
Postar um comentário