Privacy has become a major concern in recent years, more than it has ever been before. With news headlines filled with stories of people having their data stolen and being scammed, it’s no wonder why many of us are looking for better solutions to protect our privacy and stay safe while using our gadgets.
Fortunately, if you own a Galaxy device, you’re less likely to be one of those headlines thanks to Samsung Knox. What is it? How does it work? Is it safe? Can it be hacked? We will answer all these questions and more. Let’s get started.
What is Samsung Knox?
Introduced in 2013, Knox is Samsung’s proprietary defense-grade mobile security system built into Galaxy devices. Its most basic function is to protect sensitive data, including passwords, PINs, fingerprints and face unlock data. It also protects your device from malware, malicious apps and intrusions.
It does this by using an intricate combination of hardware and software-based security solutions that work together to minimize breaches. Knox has over 60 certifications that meet security requirements set by governments in more than 10 countries, including the US, Canada, the UK, Spain, Germany, China and more.
Samsung claims its Knox platform has secured more than one billion Galaxy devices since its launch, including phones, tablets and wearables. This protection is integrated into the pre-installed Samsung apps on your Galaxy device, such as Secure Folder, Samsung Health, Samsung Pay and Samsung Pass.
Knox is also available as an enterprise solution, but that is beyond the scope of this article.
How does Samsung Knox work?
Before looking at how Knox works, you need to understand how data is normally secured on smart devices. ARM-based smartphone processors such as Qualcomm Snapdragon or Apple Silicon have what is called TrustZone: a secure environment built into the chip’s CPU that runs an OS other than Android.
The job of TrustZone is to provide a foundation for system-wide security by dividing computing resources into two parts: the secure world and the normal world. The secure world has special privileges and can identify, encrypt and keep sensitive data away from the normal world.
Brands use the TrustZone architecture to build their own security solutions. Samsung Knox uses it to create its Trusted Execution Environment (TEE); information in the TEE cannot be replaced or changed by unauthorized entities. For reference, Apple’s equivalent of the TEE, the Secure Enclave, is a separate processor inside the Apple Silicon SoC.
In 2021, with the launch of the Galaxy S21, Samsung expanded the TEE’s protection via a new security platform called Knox Vault. It’s a hardware-based security system that contains its own physical processor and memory, separate from the ones already on your phone.
Although TrustZone runs independently of Android, it is not that secure because it shares the main CPU and memory with the Android OS. This places the burden of protecting your data on weaker software-based protections, which is not enough.
That’s why Knox Vault physically separates the secure world from the normal world, allowing it to process and store biometrics, passwords and other data separately. This is a big deal because hardware is much harder to change than software.
What Knox means to you
This means that when you, for example, put something into the Secure Folder app, it is first processed through the Knox Vault processor and then sent to the Knox Vault storage where it enjoys extra protection compared to your regular data.
Secure Folder creates clones of apps like Gallery, Contacts and My Files where you can store confidential photos, videos, contacts, documents, voice memos and more. Data inside Secure Folder can’t be backed up to Samsung Cloud, which means if you delete or reset the Secure Folder, the data in it will be destroyed unless you move it out first.
Apart from this, Samsung Knox also offers a security hypervisor called Real-Time Kernel Protection (RKP) that prevents malware and malicious apps from gaining control of the device’s kernel, protecting the system at large.
The kernel is the last line of defense; if an attacker gets hold of it, they gain full control of your device, and there’s nothing you can do after that point to protect your privacy. That’s why Knox uses multi-layered security to create multiple lines of defense covering the chipset, kernel, firmware and apps.
This protection is extended by the Knox Warranty Bit, which detects if unofficial software has been installed on your device and triggers an irreversible e-fuse. This voids the device’s warranty and prevents an attacker from performing security-sensitive operations.
How to check if your Galaxy device has Knox
You can check if your Galaxy device has Knox security by going to Settings > About phone > Software information. If there is no menu option with the title Knox version, your phone doesn’t have it. Samsung also provides a list of devices protected by Knox if you want to be doubly sure.
If your device has it, make sure you have the latest Knox version, which at the time of writing is Knox 3.8. You don’t need to update it separately; Knox is automatically updated when you download a new software update.
Why cheap Samsung phones don’t have Knox
Cheap Samsung phones don’t get the same Knox treatment as more expensive ones. The former may still have a Secure Folder app in the app drawer, but it won’t get the Knox Vault hardware found in all Galaxy S and Z series phones, and the upper A series phones.
Basically, not all Samsung devices running One UI Core (a lighter version of One UI) get Knox hardware, because putting the extra chip in the device costs more and increases the price. This is a drawback because software-based security is easier to hack. If you can’t afford a flagship, you can still get the full Knox experience on the affordable Galaxy A33 and A53.
Can a Knox-protected device be hacked?
As secure as Knox is, it can still be hacked. This was proven in 2017 when Google Project Zero security researcher Gal Beniamini bypassed Knox’s Real-Time Kernel Protection. Interestingly, Beniamini highlighted the Knox vulnerabilities that he used to bypass the kernel protections. Samsung later fixed these bugs via a security update.
Does this mean Knox is ineffective? Not really, no.
The thing about mobile security systems is that they are a lot like the body’s immune system; they grow and become stronger over time. Building a security platform is a never-ending work in progress because attackers are constantly coming up with new ways to try to get past it.
With each new update, Knox becomes more secure, less buggy and better able to detect threats. And with the help of ethical hackers like Beniamini who act as vaccines for the Knox immune system, Samsung is able to find bugs and vulnerabilities before a real attacker can.
Protect your privacy with Samsung Knox
Samsung Knox is one of the toughest mobile security platforms ever built, and while we can’t say for sure how well it stacks up against Apple’s counterpart, it’s about as good as you can get on an Android device. If your Galaxy device is protected by Knox, you can rest assured that your sensitive data is safe.
At the same time, it is wise to remember that the researchers and analysts behind Knox are human and therefore fallible. So it is advisable to be aware of what kind of files and apps you download and store on your device to minimize the security risk.