August 28, 2017

What’s new in Knox 2.9?

Samsung Knox News

Knox 2.9, the latest version of our mobile security platform, is now available! The 2.9 release contains several security and convenience features.


Real-time permission monitoring

Samsung devices that support this feature include a setting users can activate to receive notification when an app running in background mode accesses defined permissions. Users can enable/disable this monitoring feature, and view detailed information about the permission access attempt by the app. Monitored permissions include camera, microphone, SMS, video recording, and background screen capture activities.


USB class control for enterprise use

Enables granular control of USB functions on mobile devices as needed for DeX support. The enterprise can configure which USB classes are allowed for an employee’s device.


Network Platform Analytics

A new framework provides authorized apps with the ability to monitor network activity patterns without inspecting the contents of data packets. This feature is being released jointly with a compatible Cisco product that, in combination, provides a complete end-to-end network analytics solution. The following network context is provided for advanced network analytics and thread detection:

  • IP and DNS name of the accessed internet service
  • Name and hash of the app or process which is generating traffic
  • The user who is logged into the device at the time of the access
  • Bytes transferred in and out during a network session


Memory layout isolation and randomization

The Knox platform now isolates and randomizes the memory address layout of system apps separately from non-system apps. This minimizes the chance of bypassing address space layout randomization (ASLR) for critical system apps. Memory allocation for apps will no longer be granted in contiguous blocks; the memory associated with a given app is spread over all the available memory space in random blocks. This random distribution prevents malware apps from locating the boundary for their assigned space and then trying to overwrite legitimate data with malicious code.