Samsung Galaxy phones feature the Samsung Knox security system. But what is it, can you trust it, and can it be hacked?
Privacy has become a big concern over the last few years, more so than it has ever been before. With news headlines filled with stories about people having their data stolen and getting scammed, it's no wonder many of us are looking for better solutions to protect our privacy and be safe while using our gadgets.
Luckily, if you own a Galaxy device, you're less likely to become one of those headlines thanks to Samsung Knox. What is it? How does it work? Is it safe? Can it be hacked? We'll be answering all of these questions and more. Let's get started.
What Is Samsung Knox?
Introduced in 2013, Knox is Samsung's proprietary defense-grade mobile security system that comes built into Galaxy devices. Its most basic function is to protect sensitive data including passwords, PINs, fingerprints, and face unlock. It also guards your device against malware, malicious apps, and intrusion.
It does this by using an intricate combination of hardware and software-based security solutions that work together to minimize breaches. Knox holds over 60 certifications meeting security requirements set by governments in more than 10 countries including the US, Canada, UK, Spain, Germany, China, and more.
Samsung claims the Knox platform has secured more than one billion Galaxy devices since its launch including phones, tablets, and wearables. This protection comes integrated into the pre-installed Samsung apps on your Galaxy device, such as Secure Folder, Samsung Health, Samsung Pay, and Samsung Pass.
Knox is also available as an enterprise solution, but that's outside the scope of this article.
How Does Samsung Knox Work?
Before you know how Knox works, you need to understand how data is normally secured on smart devices. ARM-based smartphone processors such as Qualcomm Snapdragon or Apple Silicon have what's called a TrustZone; it's a secure environment built into the chip's CPU that runs its own OS, separate from Android.
The job of TrustZone is to provide a foundation for system-wide security by splitting computer resources into two parts: the secure world and the normal world. The secure world has special privileges and can identify, encrypt, and keep sensitive data away from the normal world.
Brands use the TrustZone architecture to build their own security solutions. Samsung Knox uses it to create its Trusted Execution Environment (TEE); information inside the TEE cannot be replaced or modified by unauthorized entities. For reference, Apple's equivalent to TEE is the Secure Enclave which is a separate processor inside the Apple Silicon SoC.
In 2021, with the launch of the Galaxy S21, Samsung extended TEE's protection via a new security platform called Knox Vault. It's a hardware-based security system containing a physical processor and memory unit different from the ones already on your phone.
Although TrustZone works independently, it's not that secure since it shares the main CPU and memory with the Android OS. This puts the burden of protecting your data on weaker software-based security protections. This isn't enough.
That's why Knox Vault physically separates the secure world from the normal world so that it can process and store your biometrics, passwords, and other data separately. This is a big deal because hardware is way less mutable than software.
What Knox Means for You
This means whenever you, say, put something in the Secure Folder app, it's first processed through the Knox Vault processor and then gets sent to the Knox Vault storage where it enjoys extra protection compared to your regular data.
Secure Folder creates clones of apps such as Gallery, Contacts, and My Files where you can store confidential images, videos, contacts, documents, voice notes, and more. When in the app, you cannot back up your data to Samsung Cloud which means if you delete or reset Secure Folder, the data in it will be destroyed unless you move it out first.
Other than this, Samsung Knox also offers a security hypervisor dubbed Real-Time Kernel Protection (RKP) which keeps malware and malicious apps from gaining control over your device's kernel, protecting the system at large.
The device kernel is the last line of defense; if an attacker gets hold of it, they gain full control over your device and there's nothing you can do after that point to protect your privacy. That's why Knox uses multi-layer security to create additional lines of defense covering the chipset, kernel, firmware, and apps.
This protection is extended by the Knox Warranty Bit, which detects if unofficial software has been installed on your device and trips an irreversible e-fuse. This voids your device's warranty and prevents an attacker from performing any security-sensitive operations.
How to Check if Your Galaxy Device Has Knox
You can check if your Galaxy device has Knox security by going to Settings > About phone > Software information. If there's no menu option titled Knox version, your phone doesn't have it. Samsung also provides a list of devices protected by Knox if you want to be doubly sure.
If you do have it, make sure you've got the latest Knox version which at the time of writing is Knox 3.8. You don't have to update it separately; Knox gets updated automatically when you download a new software update.
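For more than one device, the Settings check and the Warranty Bit state described earlier can be read from system properties instead. The script below is an added example, not from this article or from Samsung: it parses the output of `adb shell getprop` and prints one verdict per device. The property names `ro.config.knox`, `ro.boot.warranty_bit` and `ro.warranty_bit` are assumptions that hold on many Galaxy builds but can differ by model and firmware, and the sample dumps are constructed.

```shell
#!/bin/sh
# Added example: inventory check over `adb shell getprop` output.
# ASSUMPTION: ro.config.knox, ro.boot.warranty_bit and ro.warranty_bit are the
# property names; they are common on Galaxy firmware but can vary by build.

# Print the value of property $1 from a getprop dump $2 ("[key]: [value]" lines).
prop_value() {
    printf '%s\n' "$2" | tr -d '\r' |
        awk -v key="[$1]" -F': ' '$1 == key {
            v = $2; sub(/^\[/, "", v); sub(/\]$/, "", v); print v; exit }'
}

# Print one verdict line for a getprop dump: NO_KNOX, OK, TRIPPED or UNKNOWN.
knox_audit() {
    knox=$(prop_value ro.config.knox "$1")
    bit=$(prop_value ro.boot.warranty_bit "$1")
    # Fall back to the older property name when the boot-time one is absent.
    [ -n "$bit" ] || bit=$(prop_value ro.warranty_bit "$1")

    if [ -z "$knox" ] && [ -z "$bit" ]; then
        echo "NO_KNOX"
        return 0
    fi
    case "$bit" in
        0) echo "OK knox=${knox:-unknown} warranty_bit=0" ;;
        1) echo "TRIPPED knox=${knox:-unknown} warranty_bit=1" ;;
        *) echo "UNKNOWN knox=${knox:-unknown} warranty_bit=${bit:-missing}" ;;
    esac
}

# Constructed sample dumps (not captured from real devices).
SAMPLE_CLEAN='[ro.product.model]: [SM-EXAMPLE1]
[ro.config.knox]: [v30]
[ro.boot.warranty_bit]: [0]'
SAMPLE_TRIPPED='[ro.product.model]: [SM-EXAMPLE2]
[ro.config.knox]: [v30]
[ro.warranty_bit]: [1]'
SAMPLE_NONE='[ro.product.model]: [OTHER-EXAMPLE]'

for dump in "$SAMPLE_CLEAN" "$SAMPLE_TRIPPED" "$SAMPLE_NONE"; do
    knox_audit "$dump"
done
# On a connected device: knox_audit "$(adb shell getprop)"
```

These properties are reported by the Android side of the device, so the result is an inventory signal rather than proof of integrity.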
Why Cheap Samsung Phones Don't Have Knox
Cheap Samsung phones don't get the same Knox treatment that more expensive ones do. The former might still have a Secure Folder app in the app drawer, but it won't get the Knox Vault hardware found in all Galaxy S and Z series phones, and the upper-end A series phones.
Basically, all Samsung devices running on One UI Core (a lite version of One UI) don't get Knox hardware because it costs extra to put the chip in the device, increasing the price. This is bad because software-based security is easier to hack. If you can't afford a flagship, you can still get the full Knox experience on the affordable Galaxy A33 and A53.
Can a Knox-Protected Device Be Hacked?
As secure as Knox is, it can still be hacked. This was proven in 2017 when Google Project Zero security researcher Gal Beniamini overcame Knox's Real-Time Kernel Protection. Interestingly, Beniamini highlighted the Knox vulnerabilities that he used to bypass its kernel protections. Samsung later fixed these errors via a security patch.
Does this mean Knox is ineffective? Not really, no.
The thing about mobile security systems is that they're a lot like your body's immune system; they grow and become stronger over time. Building a security platform is an endless work in progress because attackers keep coming up with new ways to try and get past it.
With every new update, Knox becomes more secure, less buggy, and more capable of spotting threats. And with the help of ethical hackers like Beniamini who act as vaccines for the Knox immune system, Samsung is able to find errors and vulnerabilities before a real attacker can.
Protect Your Privacy With Samsung Knox
Samsung Knox is one of the toughest mobile security platforms ever built, and while we can't say for sure how well it stands against Apple's counterpart, it's about as good as you can get on an Android device. If your Galaxy device is protected by Knox, you can rest assured your sensitive data is safe.
At the same time, it's wise to remember that the researchers and analysts behind Knox are human and hence fallible. So, it's advisable to be mindful of the kind of files and apps you download and store on your device to minimize security risks.