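Samsung Knox uses the most layers of protection and the highest-security mechanisms, and is jointly recommended by government agencies and security certification bodies in many countries. Samsung Knox is an enterprise-grade mobile device security and encryption chip preinstalled on Samsung phones, tablets and wearables.
Services
functions of the same handheld device. Users can switch from personal mode to work mode by tapping an app icon, with no delay or reboot.[2] The manufacturer claims that this feature will be fully compatible with Android and Google, will fully isolate work data from personal data, and will "address all major security gaps in Android".[3]
The Knox service is a feature that Samsung's "Samsung for Enterprise" (SAFE) offering provides for smartphones and tablets. Samsung Knox's main competitor is BlackBerry Balance, a service that separates personal and work data. The name Samsung Knox comes from Fort Knox.[4]
In October 2014, the U.S. National Security Agency approved Samsung Galaxy devices under a program for rapidly deploying commercial technology. The approved devices include the Galaxy S4, Galaxy S5, Galaxy S6, Galaxy S7, Galaxy Note 3 and Galaxy Note 10.1 2014.[5]
In June 2014, five Samsung devices were added to the list of products approved for sensitive but unclassified use by the U.S. Department of Defense's Defense Information Systems Agency (which evaluates commercial technology for defense use).[6]
In June 2017, Samsung discontinued the My Knox service and urged users to switch to its replacement, Secure Folder.[7]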
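Security
In October 2014, a security researcher discovered that Samsung Knox stored the PIN in plaintext rather than in a salted and hashed (preferably with PBKDF2) and then obfuscated form.[8]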
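The salted PBKDF2 storage that the finding contrasts with plaintext, shown in Python as an added example (not Samsung's code and not from the cited report; the function names, iteration count and salt length are assumptions):

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor; tune to the target hardware
SALT_LEN = 16         # assumed salt length in bytes


def weak_record(pin: str) -> bytes:
    """The reported pattern: the PIN itself is what gets written to storage."""
    return pin.encode()


def make_record(pin: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || PBKDF2-HMAC-SHA256(pin, salt); the PIN is never stored."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt per record
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)
    return salt + digest


def verify_pin(candidate: str, record: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    if len(record) != SALT_LEN + hashlib.sha256().digest_size:
        return False  # truncated or corrupted record
    salt, stored = record[:SALT_LEN], record[SALT_LEN:]
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest, stored)
```

A short PIN has few possible values, so the iteration count only raises the cost of offline guessing against a copied record; it does not remove it.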
In May 2016, Israeli researchers Uri Kanonov and Avishai Wool found three critical vulnerabilities in specific versions of Knox.[9]
e-fuse
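Samsung Knox devices use an e-fuse to record whether the device has been booted through an "untrusted" (non-Samsung) boot path. The e-fuse is set if the device uses a non-Samsung bootloader, kernel, CPU initialization script or data. Rooting the device and installing a non-Samsung Android distribution also sets the e-fuse. Once the e-fuse is set, the device can no longer create a new KNOX container or access data previously stored in an existing KNOX container.[10] Samsung may use this information to refuse warranty service for devices modified in this way.[11] In the United States, voiding a customer's warranty may be prohibited by the Magnuson–Moss Warranty Act where the problem with the phone was not caused by rooting.[12] On some devices it is possible to clear the e-fuse by flashing custom firmware.[13]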
References
- What’s new in Knox 2.9?. Samsung Knox. 28 August 2017 [2018-02-19]. (Archived from the original on 2017-11-10).
- Ray Shaw. Samsung Knox™ BlackBerry off Balance. IT Wire. March 23, 2013 [21 April 2013]. (Archived from the original on 2017-12-24).
- David Goldman. Samsung targets BlackBerry with Knox. CNN Money. March 12, 2013 [2018-02-19]. (Archived from the original on 2018-03-04).
- Hubert Nguyen. Samsung KNOX Provides Privacy To BYOD Users. UberGizmo. February 25, 2013 [21 April 2013]. (Archived from the original on 2017-10-15).
- John Ribeiro. NSA approves Samsung Knox devices for government use. computerworld. October 21, 2014 [22 October 2014]. (Archived from the original on 2018-06-12).
- John Ribeiro. NSA approves Samsung Knox devices for government use. pcworld. October 21, 2014 [22 October 2014]. (Archived from the original on 2018-05-27).
- Samsung discontinues My Knox, urges users to switch to Secure Folder. Android Authority. June 2, 2017 [22 August 2017].
- NSA-Approved Samsung Knox Stores PIN in Cleartext. threatpost. October 24, 2014 [22 August 2017]. (Archived from the original on 2018-06-12).
- Samsung Knox isn't as secure as you think it is. TechRepublic. May 31, 2016 [22 August 2017]. (Archived from the original on 2018-06-12).
- Peng Ning. About CF-Auto-Root. Samsung. 2013-12-04 [2018-02-19]. (Archived from the original on 2015-10-27).
The sole purpose of this fuse-burning action is to memorize that a kernel or critical initialization scripts or data that is not under Samsung's control has been put on the device. Once the e-fuse bit is burned, a Samsung KNOX-enabled device can no longer create a KNOX Container, or access the data previously stored in an existing KNOX Container.
- Chainfire. More on KNOX warranty void. 2013-10-09 [2018-02-19]. (Archived from the original on 2016-05-13).
Service center instructions are indeed that devices with this status tripped will not receive any warranty repairs. (Of course, the action they take may still depend on the service center). Their excuse is that the hardware is damaged by the owner.
- Companies Can’t Legally Void the Warranty for Jailbreaking or Rooting Your Phone. Vice Media. [2018-02-19]. (Archived from the original on 2016-12-20).
The Magnuson-Moss Warranty Act, passed by Congress in 1975, notes that “a warrantor cannot, as a matter of law, avoid liability under a written warranty where a defect is unrelated to the use by a consumer of ‘unauthorized’ articles or service.”
- A few things on knox. XDA Developers. [2018-02-19]. (Archived from the original on 2016-03-05).
This has been tested & working on Note 3 N900/Exynos on KitKat ND1 firmware which was on official status without root but Knox triggered, The file was flashed using Odin and after flashing I went into download mode and to my surprise Knox was been reset from 0x1 to 0