Remember how in the early years of business smartphones, Blackberry was known for the security of their devices? I'm talking about things that were happening 10-20 years ago, when Blackberry gained its reputation for the most secure portable devices and had an unwavering mobile platform. This was largely due to the enterprise software and high-level security certifications received at the time from some of the most demanding information security organizations in the world. Businesses were still using Blackberry at the time and because the phones were built for Mobile device management, i.e. remote management of mobile devices.
Today, Blackberry has capitulated in the smartphone segment, but its place has been taken by other more consistent companies in the mobile universe.
Security should be a top priority for any smartphone user. Phones have evolved rapidly in recent years and now store our most sensitive data: memories, conversations, your financial information or biometrics. Whether you use your phone to manage your personal or business life, phones hold extremely important data that can be exploited by malicious actors. I'd like to avoid calling them hackers, even though that's the most popular term that most of us fear.
Have you ever wondered why Samsung is the number one selling smartphone globally? Or why one out of two devices sold in Romania is from the South Korean brand? Or why Samsung just won the trophy for the best phone brand in Romania or for the best high-end smartphone in 2021 at the Connect Awards Gala (link in description)?
In short, it has to do primarily with trust. You know that if you choose a Samsung smartphone you will have a phone that you can rely on in terms of hardware and software. That it will be the right thing regardless of the price you pay, regardless of whether it's a high-end phone or a budget smartphone. However, I don't want to talk about sales, but about trust.
All the data we were talking about before, pictures, messages, banking apps or even the home screen is protected with a password or biometric data such as fingerprint or facial recognition. But have you thought about how they are further protected? Samsung has a security service provided under the name Knox, a security platform found in many of the manufacturer's phones, tablets and wearable products. In addition to the service, it also has one of the most powerful security chipsets, Secure Element, a security processor against physical attacks.
What is Samsung Knox and how does it protect your phone?
You may have also seen when you opened the phone that message from the beginning, Secured by Knox. But what does this actually mean?
First of all, I don't want to load your memory with many acronyms, even though I will use them, but I want you to remember only the essentials, and if you are curious and passionate about the subject, I will leave you in the description more technical resources to understand at a micro level how far Knox goes with protection.
Samsung Knox is a security platform that comes into play the first time your phone is turned on. Anchored into the device's hardware, Samsung Knox protects the device from the moment the operating system is loaded to the moment an app is opened.
Samsung quickly realized that a personal device with so much private information needed additional protection for private keys and digital certificates. Hence, the manufacturer came up with the idea of using Trusted Execution Environments using the TrustZone feature. The purpose of TrustZone is to isolate the software that handles the most sensitive data on the mobile device (passwords, keys, biometric data). Using Trustzone, a different operating system runs alongside Android, and in this way when a password or fingerprint needs to be verified, Android no longer has direct access to the security key, but the operating system must request a TrustZone applet to decrypt the data. This way, encrypted and sensitive data is not directly exposed to the Android operating system or public apps in Google Play.
Samsung Knox Vault protects you additionally
There are multiple layers of protection that Knox protects you from intrusions, and TrustZone and Real Time Kernel are not the only elements that protect Samsung devices. Now there's also Samsung Knox Vault protection. What this means?
Well, first of all, all your data is encrypted, and the Samsung Knox Vault processor protects the most critical information, such as the aforementioned (password, fingerprint, etc.), but also services connected with financial data, such as Samsung or Google Pay . All this data is transferred via a Knox Vault protocol to a secure area in the phone, Knox Vault Storage. All data here is completely isolated. It basically keeps out anyone but you, any unknown intrusion and more. Samsung didn't just consider software attacks, it built protection against physical attacks as well. Questions arise when voltage or temperature is fluctuating or when a laser is pointed at circuits. If it detects an attack, of any kind, it will lock the device immediately. I even saw an excellent comparison. If Trustzone was a well-armed vault in the middle of your bank, the Knox Vault processor is like a fortress with a vault safe and away from the bank. Fort Knox?
Samsung Knox Suite, a platform for the business environment
Over the years, Samsung Knox has evolved from a security platform for mobile devices to a complete suite of enterprise mobile management tools. Do you remember when I told you in the beginning that Blackberry was known as a leading provider in Mobile Device Management? Well, Samsung is today one of the few mobile phone manufacturers that offers a platform that allows the device to be used in the business environment.
Samsung Knox Suite is the business platform that allows the separation between personal and business life, and when we talk about the enterprise environment, IT administrators can apply security patches remotely, set APNs, VPN tunnels, install certificates, they can limit access to apps or websites, they can choose to have devices connect only to certain wireless networks, they can choose to limit the operation of an app within a geographic perimeter, and more. Everything is done remotely, from a distance, from a management console.
What I told you previously are just a few examples. There is a package of solutions, Knox Suite, with several modules described previously, but there are also software components that can be activated. It is not the first time that we approach the subject of Knox, we have talked with Samsung specialists in the past, and in an interview this year with Ovidiu Seceleanu, Head of B2B Division within Samsung Romania, we learned that Knox Suite comes on most Samsung hardened devices, like the Xcover 5 or Tab Active 3. They even have a one-year Knox Suite license with four essential Knox components included: Mobile Enrollment, Manage, Platform for Enterprise and E-Fota One.
Knox Suite is used by transport, logistics, distribution and retail companies, companies that have mobile employees, work in harsh environments and for which the suite of applications offered by Samsung offers productivity to employees, but also to managers of mobile fleets. During the pandemic, customers in the educational area used Samsung tablets and Knox Manage to be able to enroll and manage them. Rugged devices with the Knox suite can be used in many fields of activity, from the banking sector, the public sector, insurance, Horeca, distribution companies, pharmacy chains or even betting companies.
Software components include applications for scanning barcodes or POS, and a partnership between Samsung and Microsoft brings the Walkie Talkie function to some devices today. The partnership with Microsoft brings mobile productivity, multi-device experience and end-to-end security. You can find an extensive interview about Knox Suite on our website and I will leave a link in the description.