Introducing Samsung Knox 2.8, which includes a number of platform updates and feature updates for individual SDKs. The Knox 2.8 platform is built into the new Samsung Galaxy S8 and S8+ devices and platform features are built into the device software. Let’s take a look at the 2.8 updates!

Other devices will receive firmware updates pending on the release schedule of each mobile service provider. To check the Knox version that’s currently running on your device, go to Settings > About device > Software info.

Platform-based features are built into the device OS. All flagship devices include the following features:

Advanced security

1. Control flow protection

The Knox platform now prevents Return Oriented Programming (ROP) exploits. This enhancement restricts an attacker’s ability to hijack the control-flow of an OS kernel by encrypting return addresses before putting them on the stack

2. VPN support over IPv6 networks

When using the Knox VPN framework, device users can now access network resources over an IPv6 network. Previously, any IPv6 servers proposed during the VPN tunnel negotiation were rejected.

3. Trustzone app rollback preventions

The Knox platform now checks the Trusted Application (TA) version and blocks older TA versions which may provide exploitable vulnerabilities.

Convenience for device users

1. Power Saving mode

Enterprises can allow power saving mode to extend battery life, or disallow power saving mode to optimize manageability. In power saving mode, for example, an EMM agent does not work normally and cannot receive policy updates from the IT admin server.

2. Accessibility apps access to Knox Workspace

IT admins can now whitelist the accessibility apps that can access the Knox Workspace container, for example, to read what is displayed on the screen while in the container. Previously, to reduce vulnerabilities, the Knox Workspace container blocked access from all third-party accessibility apps except Google TalkBack.

3. Microsoft Exchange ActiveSync (EAS) as default storage for Contacts/Calendar

If an EAS account is set up on a device, it is now used as the default storage for the contacts, events, and tasks in the Contacts and Calendar apps. Previously, the device was the default storage and device users could lose this data after switching devices or deleting the Knox Workspace.

Data Loss Prevention

1. Data Loss Prevention logs

Enterprises can now view audit logs to browse events associated with DLP-protected content. Both informational events about content accessed as well as critical security events about unauthorized access are logged.

2. Data Loss Prevention from browser

Enterprises can define a list of trusted web sites to which device users can upload classified content from the Internet app inside the Knox Workspace.

Frictionless deployment

1. Support for enrolling both KC and KME on the same device

Customers can now register the same device (IMEI or Serial No) to both Knox Mobile Enrollment (KME) and Knox Configure (KC) portals. This feature enables customers to use Knox Configure and deploy their EMM using KME on the same device.

Management controls and compliance

1. Advance certificate enrollment and management

Enhances network security between an Enrollment over Secure Transport (EST) client and EST server per RFC 7030. Enterprises can use the EST protocol to initiate a Certificate Signing Request and manage credential generation and communications.

2. URL disclaimer in SMS/MMS messages

This feature is designed for regulated industries like banking, which need to attach a disclaimer to every SMS or MMS sent by their regulated employees, in order to comply with industry standards. Typically, the disclaimer links to a web page providing the full text of an organization’s legal disclaimer.

3. Emails sent outside a secure domain

This feature addresses financial industry requests to warn employees when they send emails outside their secure domain. Any destination email address lacking an approved address suffix is highlighted automatically in the native Email app.

4. Enterprise billing on dual SIM devices

Previously, the SIM1 card was used for enterprise billing by default. With this enhancement, you can select the SIM2 card for enterprise billing.

Next Steps

Discuss know more on Knox features. Please call 03-22024190 or complete this form to get trial license here.

Source: Samsung SEAP Portal


Enterprise Mobility Strategist & Mobile Security Specialist

Leave a comment

Your email address will not be published. Required fields are marked *