Related
After reading about the new knox security features do you all think it will be harder to obtain root? It sounds like this feature locks the bootloader. Any insight on this?
Sent from my SPH-L900 using xda premium
I am also curious about this..
Sent from my Desire HD using xda premium
musclehead84 said:
After reading about the new knox security features do you all think it will be harder to obtain root? It sounds like this feature locks the bootloader. Any insight on this?
Click to expand...
Click to collapse
Knox is B2B only which means it only applies to devices companies purchase and provide to their employees. And there's a remote companion component necessary for it to be implemented. I'd expect it to be locked down tighter than Fort Knox (get it? ) with little or nothing an end user can do to a Knox device except play with their partition. I know for sure they can't add/modify/delete any apps or settings on the Knox side. It's probably overkill for most of the Fortune 500, and there are other less rigid ways of controlling remote devices, but it will have great appeal for government use and for companies that require security clearances and handle sensitive data.
Exactly! Knox for B2B only.
Sent from my GT-N7100
Samsung trying to snatch the BlackBerry crown and win lots of government contracts I reckon
Thanks for the explanation on it. Just had me kinda worried about that feature.
Sent from my SPH-L900 using xda premium
BarryH_GEG said:
Knox is B2B only which means it only applies to devices companies purchase and provide to their employees. And there's a remote companion component necessary for it to be implemented. I'd expect it to be locked down tighter than Fort Knox (get it? ) with little or nothing an end user can do to a Knox device except play with their partition. I know for sure they can't add/modify/delete any apps or settings on the Knox side. It's probably overkill for most of the Fortune 500, and there are other less rigid ways of controlling remote devices, but it will have great appeal for government use and for companies that require security clearances and handle sensitive data.
Click to expand...
Click to collapse
I don't think so its necessarily B2B My AT&T Galaxy S4 has a Knox apk on it and according to the Knox web page the chain of trust can be changed after a device is bought. So Someone can Buy their own device then place on the business network and due to corporate rules get their device locked down.
Since My Bootloader is locked and Knox can lock the bootloader I can only assume until I know otherwise that AT&T is using the same Knox methods to lock my consumer device.
Samsung has Rollout Firmware Updates to the S4 I9505 where KNOX is fully activated, Bootloader changed and SEAndoird is enforced.
So this is a mess for rooting.
But it seems that chainfire has hacked this again in CF-AutoRoot and SuperSU (1.60)
Regards
So I was one of the people that watch the S4 Launch Presentation online from beginning to end. After having had my phone since it was released by AT&T, I've tried/utilized every feature available on it at least once.
However, there is one "feature" I cannot find that I remember hearing about during the presentation. It had to do with "Work". I can't remember exactly, but it had to do with the "separation" of "Work" and "Personal" Functions... I think it was related to email? I'm trying to watch the video again but does this ring a bell for anyone?
Faluzure said:
So I was one of the people that watch the S4 Launch Presentation online from beginning to end. After having had my phone since it was released by AT&T, I've tried/utilized every feature available on it at least once.
However, there is one "feature" I cannot find that I remember hearing about during the presentation. It had to do with "Work". I can't remember exactly, but it had to do with the "separation" of "Work" and "Personal" Functions... I think it was related to email? I'm trying to watch the video again but does this ring a bell for anyone?
Click to expand...
Click to collapse
Android 4.2 introduces multi-user support. S4 does come with Android 4.2.2 and as such, they made it possible to separate the, say, work/personal accounts. The presentation was talking about a case where (in a corporate environment) the IT department would be able to setup your "Work" account as per their needs/requirements/restrictions while leaving the "Personal" user account untouched - actually not even having access to it.
Hope this answers your question.
That would be Samsung's Knox product, not multi-user from android. It has been delayed from release, but has been approved by DoD for use in government.
http://www.youtube.com/watch?v=lEdK9eUBlnA
Faluzure said:
So I was one of the people that watch the S4 Launch Presentation online from beginning to end. After having had my phone since it was released by AT&T, I've tried/utilized every feature available on it at least once.
However, there is one "feature" I cannot find that I remember hearing about during the presentation. It had to do with "Work". I can't remember exactly, but it had to do with the "separation" of "Work" and "Personal" Functions... I think it was related to email? I'm trying to watch the video again but does this ring a bell for anyone?
Click to expand...
Click to collapse
nacos said:
Android 4.2 introduces multi-user support. S4 does come with Android 4.2.2 and as such, they made it possible to separate the, say, work/personal accounts. The presentation was talking about a case where (in a corporate environment) the IT department would be able to setup your "Work" account as per their needs/requirements/restrictions while leaving the "Personal" user account untouched - actually not even having access to it.
Hope this answers your question.
Click to expand...
Click to collapse
bigworm50 said:
That would be Samsung's Knox product, not multi-user from android.
http://www.youtube.com/watch?v=lEdK9eUBlnA
Click to expand...
Click to collapse
Thanks. It does. is this not available yet?
bigworm50 said:
That would be Samsung's Knox product, not multi-user from android. It has been delayed from release, but has been approved by DoD for use in government.
http://www.youtube.com/watch?v=lEdK9eUBlnA
Click to expand...
Click to collapse
Knox is Samsung's own security implementation but the multi-user support (Work/Personal accounts) used by Knox is actually built/based on Android 4.2 multi-user feature. Knox cannot be implemented on earlier versions of Android exactly due to Android's lack of multi-user support.
The multi-user support is present in all Android 4.2 versions regardless of hardware as well as Cyanogenmod 10 and up - without actually having anything to do with Samsung's Knox.
Knox was built from the ground up as platform/application security and device management. The multi-user feature is similar to android's built in feature in name only. Knox reaches all the way down to the bootloader.
Knox comes out in the summer in a future update. It seems nice but my work place doesn't use work phones.
bigworm50 said:
Knox was built from the ground up as platform/application security and device management. The multi-user feature is similar to android's built in feature in name only. Knox reaches all the way down to the bootloader.
Click to expand...
Click to collapse
This could get interesting. I would assume a Knox enabled device would have a perma locked bootloader. If Samsung were to push an update including Knox, they could theoretically lock the phone down tight like Motorola did to the Atrix line, no?
Sent from my SAMSUNG-SGH-I337 using Tapatalk 2
So I download this X-Ray vulnerability scanner app (it's legit) and scan my device. To my surprise, even my Nightly is vulnerable to the mempodroid exploit. Should this concern me enough to file a CM bug report? By the way I use Franco kernel so if this is a legit exploit should I consider contacting him? See original G+ thread. https://plus.google.com/117694138703493912164/posts/AfNQ7cT9JYV
Sent from my Nexus 4 using Tapatalk 4 Beta
Mempodroid is a root exploit and considering that CM comes pre-rooted you shouldn't have anything to worry about
Sent from my NEXUS 4 using xda premium
Oh good. What a relief. So that means we have no known vulnerabilities. That's good. Take that Apple.
Sent from my Nexus 7 using Tapatalk 4 Beta
MikeRL100 said:
Oh good. What a relief. So that means we have no known vulnerabilities. That's good. Take that Apple.
Sent from my Nexus 7 using Tapatalk 4 Beta
Click to expand...
Click to collapse
http://www.theepochtimes.com/n3/152836-android-master-key-security-flaw-affects-900m-devices/
If people are worried about security they should not be rooting their devices to begin with.
Sorry if I'm offending
zelendel said:
If people are worried about security they should not be rooting their devices to begin with.
Click to expand...
Click to collapse
Sorry for disagreeing with you, but I worry about common sense security. If this is a root exploit that is needed to ship with CM to allow one to use root, no biggie. I know root makes you vulnerable, but guess what? So does administrative access on Windows. If I worked for the governemnt or a large business I would have a different, possibly non-smart phone to do that task. I'm not stupid enough to go downloading cracked apps from pirated sites, but let me tell you all something. On my PC I had Opera 14 installed and used it during when one of Opera's employee's PCs got hacked and injected the Opera certificates with malware. I freaked. Prooves that a targeted attac could be successful, even with good protection. Luckily, my layer of security (MVPS hosts, Avast, and Malwarebytes Pro) kept it from even approaching the front door. And my Linux box even has the MVPS hosts file as well. Also, if this was an actual vulnerability to be concerned about, Steve Kondik would've patched it before the iCrap loving media could get new anti-Google propaganda. By the way, I am arguing with none of you, but I do need to make a point. I know since Android is based of Linux and not Windows NT, it is hella more secure. I would not root this if this phone had to be used under secure conditions. I'd either disable root while at work, or get a second phone. Yes I love root that much. But I don't get malware very often, havent' had an actual infection that wasn't blocked in many many years. Never even had Android malware. You know why? Hosts file+common sense. I never go to pirated sites, and never will. I love the XDA devs, community, and even some of the non-XDA Google Play devs enough not too. And when I say love, I mean I don't want to see their income sapped. Piracy is a no-no on XDA, but I'm sure it's OK to condemn it. And my talk on that ends now. :good: So onto the main topic, I have common sense, some privacy protections, and I don't just allow any app superuser access. I check reviews first and even have a malware scanner in Advanced Mobile Care. No on demand protection since its not necessary for me, and I never have gotten malware. I bet jailbroken iOS devices get more malware since most of the apps on them are cracked since Apple boots you out of iTunes for jailbreaking. Also, even though I'm rooted I like to know what each exploit means. No device or computer (even a hardened Linux server) is safe from the most skilled black hat. But since I'm not a target of interest, I have some malware prevention via the HOSTS file, Android is more secure than Windows, and I most importantly have common sense, I'll be fine. Maybe I'm too lax on security, but I guarantee you, I will adapt if some freak drive by download trojan comes to Android and by some crazy way gets malware through the Play Store with reputable apps. If a nasty was detected, or an app just looked different enough, it ain't gonna get no system access from me. So go ahead you iOS loving "Android is the next Windows XP" malware magnet pundits in the media, go ahead (that i if any Apple trolls stumble across this thread). I guarantee none of the streams of infected botnets will not add another to the collection. Like I said, not arguing with you but I disagree with you (at least initially) on how powerful my common sense is. I'm not saying you're doubting me, you're a cool guy and more than likely give a lot of assistance around here, but I may look like a noob troll cause I am a Junior member, but I was a long time lurker, and on AndroidForums I have been around a bit. I'm not some sort of super brain (at least not yet) and I do know rooting hampers security, but although I care about security, I just don't want my precious Nexus 4 and 7 to ever become virus magnets. I should have mentioned it, but I thought that vulnerability in CM was because it needed an exploit to have root by defaul (even though CM has disabled it recently). Also I will take some blame myself if I offended any of you. I am paranoid about a lot of things. But it's good to be paranoid to a certain extent. That would explain the lack of malware on all of my computers. But I should pay less attention to the social networks. Even G+. If this was on Facebook, mind you all, I wouldn't have game a damn about it. Facebook is full of trolls, fanboys, and noobs. That's why I rarely use that site and when I do, I pretty much block off all access to my profile from strangers. G+ encourages sharing with new people, while Facebook is like being with your old clique of buddies. That's why I use G+ so much now. That and I can help idiiot test things for developers. :laugh:
scream4cheese said:
http://www.theepochtimes.com/n3/152836-android-master-key-security-flaw-affects-900m-devices/
Click to expand...
Click to collapse
Yes you're definitely right we have a security issue. Not that Android itself is insecure (both my Nexus 4 and 7 were rushed to the latest Nightly to prevent them from joining a botnet) Good thing is custom ROMs create headaches for the bad guys cause they fragment Android (not in the iSheep style way of not getting updates) but in the way that they remove bloatware and some system apps, increase security in some areas, and in general all the code changes make it harder to create a universal botnet. I guarantee 95% of that botnet will be from OEM stock phones. We forget around here that most people are ignorant of common sense and security, if not downright stupid and don't care about security as long as they get their free cracked apps. We're the nerds here and most people are going to make it easy for these holes to be abused. They go to the most untrustworthy sites, install unstrustworthy apps, and are basically asking for it. Also the OEMs are pathetic for not all having a way to quickly patch Android. This type of stuff should sound an alarm to create a security update. I can see not giving an old phone a new version of Sense/touchwiz/Motoblur,etc. but denying security updates is ridiculous. The government should sue the offending OEMs if they want to be respected by the geeks a little more after the whole NSA mess. Because despite the fact that we aren't the ones here creating the botnet, what are we gonna do if thousands of clueless users install cracked apps that contain malware with the exploit, and form a botnet, that say DDOS attacks Google. Then Google Services would be disrupter. Also Google (who I am a big fan of) needs to stop being greedy in the one area of Android updates and force OEMs to include security patches and also backport and open source the security patch ASAP. I know CM is safe from that exploit already, I saw Steve Kondik's commit. But the OEMs are the problem. Google needs to push them past their comfort zone. You can have a car that is 10-20 years old and just because it's out of warranty doesn't mean that even if it takes a fool to make the engine explode in a deadly blast, that the manufacturer would just it there. I've seen Chevy recalls for example. One of them was a recall because something would catch fire if you were an idiot and poured gasoline or engine fluid or somehting on the engine. Of course the people doing this were stupid, but the same is true with technology. Why let the clueless and in the worst case those that just don't care create a botnet for us all to suffer from? Create an idiot patch and stop the situation from exploding. Please OEMs. Do something right for once.
MikeRL100 said:
Sorry for disagreeing with you, but I worry about common sense security. If this is a root exploit that is needed to ship with CM to allow one to use root, no biggie. I know root makes you vulnerable, but guess what? So does administrative access on Windows. If I worked for the governemnt or a large business I would have a different, possibly non-smart phone to do that task. I'm not stupid enough to go downloading cracked apps from pirated sites, but let me tell you all something. On my PC I had Opera 14 installed and used it during when one of Opera's employee's PCs got hacked and injected the Opera certificates with malware. I freaked. Prooves that a targeted attac could be successful, even with good protection. Luckily, my layer of security (MVPS hosts, Avast, and Malwarebytes Pro) kept it from even approaching the front door. And my Linux box even has the MVPS hosts file as well. Also, if this was an actual vulnerability to be concerned about, Steve Kondik would've patched it before the iCrap loving media could get new anti-Google propaganda. By the way, I am arguing with none of you, but I do need to make a point. I know since Android is based of Linux and not Windows NT, it is hella more secure. I would not root this if this phone had to be used under secure conditions. I'd either disable root while at work, or get a second phone. Yes I love root that much. But I don't get malware very often, havent' had an actual infection that wasn't blocked in many many years. Never even had Android malware. You know why? Hosts file+common sense. I never go to pirated sites, and never will. I love the XDA devs, community, and even some of the non-XDA Google Play devs enough not too. And when I say love, I mean I don't want to see their income sapped. Piracy is a no-no on XDA, but I'm sure it's OK to condemn it. And my talk on that ends now. :good: So onto the main topic, I have common sense, some privacy protections, and I don't just allow any app superuser access. I check reviews first and even have a malware scanner in Advanced Mobile Care. No on demand protection since its not necessary for me, and I never have gotten malware. I bet jailbroken iOS devices get more malware since most of the apps on them are cracked since Apple boots you out of iTunes for jailbreaking. Also, even though I'm rooted I like to know what each exploit means. No device or computer (even a hardened Linux server) is safe from the most skilled black hat. But since I'm not a target of interest, I have some malware prevention via the HOSTS file, Android is more secure than Windows, and I most importantly have common sense, I'll be fine. Maybe I'm too lax on security, but I guarantee you, I will adapt if some freak drive by download trojan comes to Android and by some crazy way gets malware through the Play Store with reputable apps. If a nasty was detected, or an app just looked different enough, it ain't gonna get no system access from me. So go ahead you iOS loving "Android is the next Windows XP" malware magnet pundits in the media, go ahead (that i if any Apple trolls stumble across this thread). I guarantee none of the streams of infected botnets will not add another to the collection. Like I said, not arguing with you but I disagree with you (at least initially) on how powerful my common sense is. I'm not saying you're doubting me, you're a cool guy and more than likely give a lot of assistance around here, but I may look like a noob troll cause I am a Junior member, but I was a long time lurker, and on AndroidForums I have been around a bit. I'm not some sort of super brain (at least not yet) and I do know rooting hampers security, but although I care about security, I just don't want my precious Nexus 4 and 7 to ever become virus magnets. I should have mentioned it, but I thought that vulnerability in CM was because it needed an exploit to have root by defaul (even though CM has disabled it recently). Also I will take some blame myself if I offended any of you. I am paranoid about a lot of things. But it's good to be paranoid to a certain extent. That would explain the lack of malware on all of my computers. But I should pay less attention to the social networks. Even G+. If this was on Facebook, mind you all, I wouldn't have game a damn about it. Facebook is full of trolls, fanboys, and noobs. That's why I rarely use that site and when I do, I pretty much block off all access to my profile from strangers. G+ encourages sharing with new people, while Facebook is like being with your old clique of buddies. That's why I use G+ so much now. That and I can help idiiot test things for developers. :laugh:
Yes you're definitely right we have a security issue. Not that Android itself is insecure (both my Nexus 4 and 7 were rushed to the latest Nightly to prevent them from joining a botnet) Good thing is custom ROMs create headaches for the bad guys cause they fragment Android (not in the iSheep style way of not getting updates) but in the way that they remove bloatware and some system apps, increase security in some areas, and in general all the code changes make it harder to create a universal botnet. I guarantee 95% of that botnet will be from OEM stock phones. We forget around here that most people are ignorant of common sense and security, if not downright stupid and don't care about security as long as they get their free cracked apps. We're the nerds here and most people are going to make it easy for these holes to be abused. They go to the most untrustworthy sites, install unstrustworthy apps, and are basically asking for it. Also the OEMs are pathetic for not all having a way to quickly patch Android. This type of stuff should sound an alarm to create a security update. I can see not giving an old phone a new version of Sense/touchwiz/Motoblur,etc. but denying security updates is ridiculous. The government should sue the offending OEMs if they want to be respected by the geeks a little more after the whole NSA mess. Because despite the fact that we aren't the ones here creating the botnet, what are we gonna do if thousands of clueless users install cracked apps that contain malware with the exploit, and form a botnet, that say DDOS attacks Google. Then Google Services would be disrupter. Also Google (who I am a big fan of) needs to stop being greedy in the one area of Android updates and force OEMs to include security patches and also backport and open source the security patch ASAP. I know CM is safe from that exploit already, I saw Steve Kondik's commit. But the OEMs are the problem. Google needs to push them past their comfort zone. You can have a car that is 10-20 years old and just because it's out of warranty doesn't mean that even if it takes a fool to make the engine explode in a deadly blast, that the manufacturer would just it there. I've seen Chevy recalls for example. One of them was a recall because something would catch fire if you were an idiot and poured gasoline or engine fluid or somehting on the engine. Of course the people doing this were stupid, but the same is true with technology. Why let the clueless and in the worst case those that just don't care create a botnet for us all to suffer from? Create an idiot patch and stop the situation from exploding. Please OEMs. Do something right for once.
Click to expand...
Click to collapse
Oh you have many valid points. My statement was more for the average user that really has no use for root. They root and flash cause they think it is cool.
The carriers and OEMs are trying to do something to stop it. The are locking bootloaders and making unrootable kernels (Samsung) To be honest I think this is a good idea for most users. They have no really need for those things and only end up with issues cause they have no idea what they are doing.
Cm Released a set of patches today to block some of the security issues.
See that is the issue with With OEM. Google cant force them to do anything. All the carrier has to do is take the AOSP code and add their stuff to it. No one can say what they have to add or not. This is why I only get nexus devices. I watched Euro devices get updated by the OEM while the US based devices never saw any updates at all. Including security updates that the OEM had issued. As long as the Carriers control what happens to the devices there is nothing that we can really do.
#Nexus4Lyfe I wish this was G+. I felt like a stupid hash tag would be appropriate.
Since it is pretty clear that Samsung is not going to honor warranty service on knox tripped devices, I'm wondering of they will still fix them for a fee.
Why am I wondering? I'm curious if they can reset knox at the factory. If so, it means we can reset knox ourselves. I'm an electrical engineer and am looking into a hardware modification that would render knox useless.
In non technical terms, it would be similar to bypassing a blown fuse in your car with a piece of metal in place of the burnt fuse.
It is extremely possible, depending on the efuse they use. It's hard for me to imagine they would install the efuse in such a way that even they would be unable to reverse it.
Efuses are not new technology, and their main purpose is to act in a very simiar way to standard circuit breaker. And just like a tripped breaker, they can be reset. Its simply a matter of what type they used, and how it was implemented
Sent from my SM-P600 using Tapatalk
Serinety said:
Since it is pretty clear that Samsung is not going to honor warranty service on knox tripped devices, I'm wondering of they will still fix them for a fee.
Why am I wondering? I'm curious if they can reset knox at the factory. If so, it means we can reset knox ourselves. I'm an electrical engineer and am looking into a hardware modification that would render knox useless.
In non technical terms, it would be similar to bypassing a blown fuse in your car with a piece of metal in place of the burnt fuse.
It is extremely possible, depending on the efuse they use. It's hard for me to imagine they would install the efuse in such a way that even they would be unable to reverse it.
Efuses are not new technology, and their main purpose is to act in a very simiar way to standard circuit breaker. And just like a tripped breaker, they can be reset. Its simply a matter of what type they used, and how it was implemented
Yea its possible with a unlocked boot loader cause removing knox itself from the system is not hard but that counter is in the bootloader.
Click to expand...
Click to collapse
jparasita said:
Yea its possible with a unlocked boot loader cause removing knox itself from the system is not hard but that counter is in the bootloader.
Click to expand...
Click to collapse
If it truly is an efuse, they are physically blown transistors due to intentional electromigration , inhibiting electron flow through the channel, basically, preventing the gate from allowing electron flow through the channel.
however, if the efuse is an external chip (most of them are, it would be added to the motherboard, just like ram, wifi chip, wacom digitizer.. etc) then that chip will either have a reset (by applying voltage to the latch) or can be bypassed physically (pulled up to Vcc).
In this case, an unlocked boot loader would not be able to bypass the blown fuse link. It may, however, be able to forgo checking the status of the efuse, but I really don't know know how its all assembled, since getting a datasheet on the board from samsung would be impossible. The only hope I have as an engineer is to examine the board and attempt to find the location of the fuse.
Here is some efuse Education:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
You may want to read this
http://forum.xda-developers.com/showthread.php?t=2561658
So it seems as if there is some misinformation running around on all ends. Seems logical to me to go with the Samsung knox website, where they say that hardware warranty is separate from knox warranty.
I'm going to email samsung and try to get a straight answer. I'll setup a claim for my device. I'll say it has a bad home button or something silly, then mention the knox bit is tripped. The 2 are totally unrelated, so seems like a good test.
Sent from my SM-P600 using Tapatalk
Serinety said:
So it seems as if there is some misinformation running around on all ends. Seems logical to me to go with the Samsung knox website, where they say that hardware warranty is separate from knox warranty.
I'm going to email samsung and try to get a straight answer. I'll setup a claim for my device. I'll say it has a bad home button or something silly, then mention the knox bit is tripped. The 2 are totally unrelated, so seems like a good test.
Sent from my SM-P600 using Tapatalk
Click to expand...
Click to collapse
Should be intesting to follow. Looking forward to see what happens.
An efuse is not like a standard circuit breaker at all. It is like a regular fuse. Circuit breakers are designed to be reset. They are not permanently physically modified in any way when tripped. Efuses and fuses, on the other hand, are physically burned when they are tripped, and cannot be reverted.
As far as being on a separate chip: I highly doubt this to be the case. First, to minimize power consumption no one wants to drive an extra package. Second, virtually all SoC designs incorporate an efuse bank somewhere on their chip. Though I could be wrong on this point, as there could be incentive to include them off-SoC if device remanufacturing (read: refurbishing) is a significant source of revenue for the OEM.
Source: I am a SoC design engineer for an industry outside the mobile personal electronics sector, and they are pretty much commonplace in every SoC made in at least the last 5+ years.
Sent from my Nexus 7 using XDA Premium HD app
flinttownbrown said:
An efuse is not like a standard circuit breaker at all. It is like a regular fuse. Circuit breakers are designed to be reset. They are not permanently physically modified in any way when tripped. Efuses and fuses, on the other hand, are physically burned when they are tripped, and cannot be reverted.
As far as being on a separate chip: I highly doubt this to be the case. First, to minimize power consumption no one wants to drive an extra package. Second, virtually all SoC designs incorporate an efuse bank somewhere on their chip. Though I could be wrong on this point, as there could be incentive to include them off-SoC if device remanufacturing (read: refurbishing) is a significant source of revenue for the OEM.
Source: I am a SoC design engineer for an industry outside the mobile personal electronics sector, and they are pretty much commonplace in every SoC made in at least the last 5+ years.
Sent from my Nexus 7 using XDA Premium HD app
Click to expand...
Click to collapse
Your right, but my assumption is that they are not using SoC efuse's. If this were the case, they would be forced to toss boards with blown fuses. Since their goal with the efuse is not to prevent damage, but to indicate intrusuon, a way to "reset" the fuse would seem preferable.
We use several efuse's that are circuit breaker style, and not fuse.
http://www.onsemi.com/PowerSolutions/content.do?id=17031
Just one several. These can be added to any design for protection, but could also be used in this application. Once tripped they would stay tripped until reset. If the reset pin is left unused, then it can only be reset exrernally, which I suspect is the case.
Sent from my SM-P600 using Tapatalk
I actually contacted Samsung Canada to know if tripping Knox voids hardware warranty. This is the response I got:
Dear XXXXXX,
Thank you for contacting Samsung Customer Care.
After going through the email, we understand that you want to know if rooting voids the warranty.
I sincerely apologize for the inconvenience.
I need to inform you, rooting of device will void standard manufacture's warranty.
Click on the below weblink for details about Samsung products warranty info :
http://bit.ly/1d1MfW4
For details about Knox, please contact our dedicated support for Knox at +1 855 567 5669 for further assistance.
We hope we’ve answered your inquiry. Please let us know if there are any additional questions or concerns.
You can also visit our How To & FAQ >section on the website for more product information.
We deeply value your loyalty to Samsung and are committed to provide you with the highest level of customer
service. If for any reason theinformation we provided did not resolve your issue, we have various
contact channels that are available to assist in resolving your concern
For immediate assistance with a live agent, you can chat with us here
For support by phone, you can reach us at 1-800-SAMSUNG(726-7864)
Samsung’s Social Media Team is available to assist with providing up-to-date information or answering questions.
Visit us on Facebook
Visit us on Twitter
Thank you for being a Samsung Customer!
Kind Regards,
Sandy
Samsung Customer Care
http://www.samsung.com/ca
Our goal is to provide our customers with the best customer service possible. Please complete the following customer service survey based on customer experience with your agent.
Your feedback will enable us to see how we're doing overall and find out how we can improve.
Click to expand...
Click to collapse
Doesn't really seem like they understood the question, but whatever. Guess I'll avoid rooting until someone figures out a 0x0 method, if at all. Its weird because people in the S4 forum asked the same thing about Knox and warranty and Samsung's response was that the phone should still retain hardware warranty.
i just wanted to note that samsung will still cover hardware defects if you use knox.
smac7 said:
i just wanted to note that samsung will still cover hardware defects if you use knox.
Click to expand...
Click to collapse
Source of your sentence?
It depends on which defects they are... and the proof that the issue is related to factory defects is on your charge...
Inviato dal mio GT-N5100 con Tapatalk 4
francanna said:
Source of your sentence?
It depends on which defects they are... and the proof that the issue is related to factory defects is on your charge...
Inviato dal mio GT-N5100 con Tapatalk 4
Click to expand...
Click to collapse
transcript from my conversation.
General Info
Chat start time Oct 9, 2013 6:59:14 PM EST
Chat end time Oct 9, 2013 7:10:06 PM EST
Duration (actual chatting time) 00:10:51
Operator Vivian C
Chat Transcript
info: Please wait for a Samsung Agent to respond.
info: All Samsung Agents are currently assisting others. Thanks for your patience. A Samsung Agent will be with you shortly.
info: You are now chatting with 'Vivian C'. There will be a brief survey at the end of our chat to share feedback on my performance today.
info: Your Issue ID for this chat is LTK111790932073X
Vivian C: Hi, thank you for reaching out to Samsung technical support. How may I assist you?
shane: Hi.
shane: i have a question in regards to warrenty on the new galaxy note 10.1
Vivian C: Hi, please go ahead with the query?
shane: I understand that rooting will void the warranty for software issues and anything related to rooting, but does it also void it for issues such as a broken power button or a physical problem with the screen.
shane: Basically, are hardware issues unrelated to root still covered?
Vivian C: Yes, they are covered but no physical damages to the unit.
Vivian C: I can understand how important this is to you.
shane: so you mean as long as it doesn't appear to be the consumers fault (drops for example) then its fine?
Vivian C: I could certainly relate to what you are going through as I am a consumer myself.
Vivian C: The hardware issues are covered if it is under warranty.
shane: ok thank you for the info. that's all i wanted to know before i went through with my purchase
Vivian C: I appreciate the patience you displayed while we worked together on this issue.
Vivian C: Thank you for chatting with us. If you have a minute, please click on the blue “X close” button to receive the transcript of your chat and fill out a brief survey to help us serve you better.
Follow Samsung Service on Facebook, Twitter and YouTube.
smac7 said:
transcript from my conversation.
General Info
Chat start time Oct 9, 2013 6:59:14 PM EST
Chat end time Oct 9, 2013 7:10:06 PM EST
Duration (actual chatting time) 00:10:51
Operator Vivian C
Chat Transcript
info: Please wait for a Samsung Agent to respond.
info: All Samsung Agents are currently assisting others. Thanks for your patience. A Samsung Agent will be with you shortly.
info: You are now chatting with 'Vivian C'. There will be a brief survey at the end of our chat to share feedback on my performance today.
info: Your Issue ID for this chat is LTK111790932073X
Vivian C: Hi, thank you for reaching out to Samsung technical support. How may I assist you?
shane: Hi.
shane: i have a question in regards to warrenty on the new galaxy note 10.1
Vivian C: Hi, please go ahead with the query?
shane: I understand that rooting will void the warranty for software issues and anything related to rooting, but does it also void it for issues such as a broken power button or a physical problem with the screen.
shane: Basically, are hardware issues unrelated to root still covered?
Vivian C: Yes, they are covered but no physical damages to the unit.
Vivian C: I can understand how important this is to you.
shane: so you mean as long as it doesn't appear to be the consumers fault (drops for example) then its fine?
Vivian C: I could certainly relate to what you are going through as I am a consumer myself.
Vivian C: The hardware issues are covered if it is under warranty.
shane: ok thank you for the info. that's all i wanted to know before i went through with my purchase
Vivian C: I appreciate the patience you displayed while we worked together on this issue.
Vivian C: Thank you for chatting with us. If you have a minute, please click on the blue “X close” button to receive the transcript of your chat and fill out a brief survey to help us serve you better.
Follow Samsung Service on Facebook, Twitter and YouTube.
Click to expand...
Click to collapse
That's all and nothing. Samsung VP told in knox website that warranty policies may be different country by country. In general it is true what I said before. You are supposed to prove that the defect is non software related. E.G. zif your screen stops working or you experience motherboard issues, Samsung may say it depends on overclock or other root related stuff.
So what remains you is just power button failure...
Inviato dal mio GT-N5100 con Tapatalk 4
^ Nice, I should follow up with Samsung Canada through live chat because at the very least this gives me a bit more confidence to root without having any hardware warranty concerns. However I wonder if they can still refuse warranty "just because" even though it may have been confirmed by their online agents.
I am left wondering how the Magnuson-Moss Warranty Act of 1975, and all the case law that led to it's enactment, would relate to Samsung's apparent unwillingness to honor a warranty claim related to hardware issues on a rooted (modified) device when Samsung is unable to show that the rooting of the device was the direct cause of the hardware failure.
I think it is time that a group of consumers tripped the Knox counter on their devices by rooting, and sent them in to Samsung for a hardware related repair such as a bad home button or a screen failure and then see if Samsung will honor the warranty or deny the claim solely based on said tripped Knox counter.
If Samsung denies the claim without showing just cause, the group could then show harm and either file a complaint with the Federal Trade Commission (here in the US) or they could file a class action law suit against Samsung if they could find an attorney(s) stupid enough to do it.
There is nothing in the Samsung Terms of Service that precludes class actions as AT&T does.
JACK4HIRE said:
I am left wondering how the Magnuson-Moss Warranty Act of 1975, and all the case law that led to it's enactment, would relate to Samsung's apparent unwillingness to honor a warranty claim related to hardware issues on a rooted (modified) device when Samsung is unable to show that the rooting of the device was the direct cause of the hardware failure.
I think it is time that a group of consumers tripped the Knox counter on their devices by rooting, and sent them in to Samsung for a hardware related repair such as a bad home button or a screen failure and then see if Samsung will honor the warranty or deny the claim solely based on said tripped Knox counter.
If Samsung denies the claim without showing just cause, the group could then show harm and either file a complaint with the Federal Trade Commission (here in the US) or they could file a class action law suit against Samsung if they could find an attorney(s) stupid enough to do it.
There is nothing in the Samsung Terms of Service that precludes class actions as AT&T does.
Click to expand...
Click to collapse
People, it will be exactely as it has been so far: do you remember that Samsung has put a modified device counter in its device for years? What happens to you warranty today if you root a Galaxy S2 and do not use CF Triangle Away?
Some hardware issues have been passed under warranty, some others not.
Some display failures may depend on kernel settings; motherboard issues may depend on voltage and frequencies that are kernel related. Be sure this will not covered.
Hardware buttons are not sw related and will be repaired.
But who wants to keep a warranty limited to 3 hw buttons?
francanna said:
People, it will be exactely as it has been so far: do you remember that Samsung has put a modified device counter in its device for years? What happens to you warranty today if you root a Galaxy S2 and do not use CF Triangle Away?
Some hardware issues have been passed under warranty, some others not.
Some display failures may depend on kernel settings; motherboard issues may depend on voltage and frequencies that are kernel related. Be sure this will not covered.
Hardware buttons are not sw related and will be repaired.
But who wants to keep a warranty limited to 3 hw buttons?
Click to expand...
Click to collapse
Given that we do not have custom kernels, all root has given us is apps like titanium, and other root style apps. We can't modify any voltage settings, or anything that could damage the device. Need a kernel for that.
The only thing you could do right now is flash bad firmware, and brick. But that's possible with or with out root. Any time you flash firmware there is a possibility of bricking. Seems illogical that just because I can use titanium backup and xposed, means a failed update from mk1 to ml1 would be the fault of root. They are not even related. That's like saying installing a new stereo in my car caused the engine to blow a headgasket.
Remember, root only affects the running and booted operating system. Once you are in recovery, or download mode.. root has nothing to do with it. just like in windows. When you install a windows program, if you shutdown and boot to bios.. that program doesn't exist as far as the computer is concerned. Only after it has booted the main hard drive and read the proper master boot record, and loads windows does that program exist.
Sent from my SM-P600 using Tapatalk
Serinety said:
Given that we do not have custom kernels, all root has given us is apps like titanium, and other root style apps. We can't modify any voltage settings, or anything that could damage the device. Need a kernel for that.
The only thing you could do right now is flash bad firmware, and brick. But that's possible with or with out root. Any time you flash firmware there is a possibility of bricking. Seems illogical that just because I can use titanium backup and xposed, means a failed update from mk1 to ml1 would be the fault of root. They are not even related. That's like saying installing a new stereo in my car caused the engine to blow a headgasket.
Remember, root only affects the running and booted operating system. Once you are in recovery, or download mode.. root has nothing to do with it. just like in windows. When you install a windows program, if you shutdown and boot to bios.. that program doesn't exist as far as the computer is concerned. Only after it has booted the main hard drive and read the proper master boot record, and loads windows does that program exist.
Sent from my SM-P600 using Tapatalk
Click to expand...
Click to collapse
You are right, BUT...
Today we have no custom kernel on Note 2014, but as soon as Samsung releases the source code we will have. For Note 3 custom kernels do exist.
So, generally speaking, I may root the phone, flash a custom kernel and, in case of disaster, restore stock kernel.
That is why even a simple root is considered non samsung system modification... and Knox activates the efuse in case of any non samsung system modification because it needs the system to be perfectly integer and Samsung certified for business reasons (BYOD strategies).
Finally: no root means no kernel no rom... no problem for Samsung.
I am not justifying Samsung. Only trying to explain their logic.
Inviato dal mio GT-N7100 utilizzando Tapatalk
francanna said:
You are right, BUT...
Today we have no custom kernel on Note 2014, but as soon as Samsung releases the source code we will have. For Note 3 custom kernels do exist.
So, generally speaking, I may root the phone, flash a custom kernel and, in case of disaster, restore stock kernel.
That is why even a simple root is considered non samsung system modification... and Knox activates the efuse in case of any non samsung system modification because it needs the system to be perfectly integer and Samsung certified for business reasons (BYOD strategies).
Finally: no root means no kernel no rom... no problem for Samsung.
I am not justifying Samsung. Only trying to explain their logic.
Inviato dal mio GT-N7100 utilizzando Tapatalk
Click to expand...
Click to collapse
True, although they should make a business version and a consumer version. But......like THAT would ever happen lol. Seems silly to force business solutions onto a consumer, non business customer experience. I assume samsung is going to be pushing knox into all their new devices.. which kinda blows the whole "for business" slogan of knox. I have to think , not many samsung smartphone/tablets are used in a Purley business application.
Ahh...such is life. If they can make it, we can break it....
Sent from my SM-P600 using Tapatalk
Serinety said:
True, although they should make a business version and a consumer version. But......like THAT would ever happen lol. Seems silly to force business solutions onto a consumer, non business customer experience. I assume samsung is going to be pushing knox into all their new devices.. which kinda blows the whole "for business" slogan of knox. I have to think , not many samsung smartphone/tablets are used in a Purley business application.
Ahh...such is life. If they can make it, we can break it....
Sent from my SM-P600 using Tapatalk
Click to expand...
Click to collapse
As you know Blackberry is almost out of the market and Windows Phone has not such a great appeal. That is a huge oppotunity for Samsung, but they have to face Android bad reputation as an "unsecure" system.
That is the main reason for Knox.
"Security" and "data integrity" are marketing messages they decided to spend also in consumer market... although we know that most of people would not need neither use Knox.
Moreover Samsung well knows that modders are only a very small part of the consumer universe. Although Samsung NEEDS modder's community.
My note: IMHO Android security problems are NOT directly related to rooting... on the contrary, rooting (URDLV, for example) would use system exploits... but it is true that having a rooted device increases the possibilities of possible security issues for un-aware people.
People still think that rooting is required for having "cracked applications" and things link that.
Backstory: I've always used iPhones, was tired of the bull****, and wished for Android especially the S8. Was shocked, and I'm rarely shocked, but the agressive violation of privacy, the crazy amount of bloatware, and the unoptimised UX and system services overall.
Now, I'm in charge of a wide ecosystem of people using smartphones in our company as well as other companies I consult for. While people always blab about personal privacy (which is a concern of course), what I don't understand is how people dealing with either sensitive, contractual or strategic informations could use Android devices given that it *excuse but there's no better terms* rapes your privacy in every, but also I'm pretty sure, illegal, ways.
For exemple the Sound Detector app, even when disabled, is constantly listening to your environment without your priori knowledge or permissions. In fact it's mainly the permissions scheme that baffles me: on iOS or any PC or Mac, you can install any app without being constrained to accept giving out information or accessing functions that have nothing to do with the app, THEN you can choose what precise permissions, when and why. And of course there's the whole wider problem of usage and data tracking (which I apparently have to install...a firewall??) or even malware (I have to install a separate antivirus for...on a smartphone). Worst exemple being that of course: www.theverge.com/2018/1/2/16842294/android-apps-microphone-access-listening-tv-habits
Now I like Android for all their efforts, development and implementation, as well as Samsung efforts...but I'm on the verge of having to present a report to ban all Android phones (for a "leave at door" Policy or either iPhone, BBMs and any other "more" secure smartphones) like I just realise they did in the US government and other official institutions as well as some corporations...or...understand very well how it works, and devise a clearly guide on how to completely optimise and secure Android smartphones like I would for PCs/Macs.
So here's my mission if you accept to help me:
1. I want to deconstruct how Android works in a very simple scheme for noob.
2. From that I want to list all the system packages and services, to determine those that are critical, optional or bloatware, and actually describe exactly what they're for so people have a clear idea.
3. I want to list all the base applications, stores or packages apps, to determine those that are critical, optional or bloatware, then what they're for and most importantly the best alternative apps to these.
4. I want to list and make a simple schemes of how the device components (sensors, cam, mic...), the different data canals, and the the different permissions are circulating or violating privacy while screwing cpu time, battery and data.
5. Finally I want to learn, understand and create a simple noob introduction to the different tools like Xposed (and XprivacyLua which seems to be the best options), package disablers (I personally went for BK), Firewall, Adblockers and Antivirus (honestly didn't even think I would need those on Android).
So I guess first, I'll list all the apps, packages (and sub-services) that my Galaxy S8 came shipped with that overwhelmed me, so as to know for a basic Galaxy S8/+/Note what is a consensus of what to disable, why, how and by what to replace if there's alternative, while listing basic how-to's of the tools to that. Note that I only know about BK Disabler as of now.
Reserved
Upd: I haven't had time, but I'm starting to do a table with all the packages, what they're for and wether to disable them.
You do know that Silverpush do affect both iPhone and Android, right? And "leave at the door" policy or either iPhone or BBM? There's two errors in this sentence. Are you really what you claim to be? Or just someone with an agenda who just created an XDA account?
why would you need an antivirus for a phone if you stick to play store apps?
rashat999 said:
why would you need an antivirus for a phone if you stick to play store apps?
Click to expand...
Click to collapse
There are plenty of play store garbage apps with spy ware and crap in them
vladimir_carlan said:
You do know that Silverpush do affect both iPhone and Android, right? And "leave at the door" policy or either iPhone or BBM? There's two errors in this sentence. Are you really what you claim to be? Or just someone with an agenda who just created an XDA account?
Click to expand...
Click to collapse
iPhone (pretends to) be safe and secure and doesn't straight-up violate your privacy by forcing unneeded permission even before installing the app and running tons of spyware as per unbox while giving all your infos out to apps that demand it and more. It's also a question of procedure: iPhone are really easy to fix/secure with a jailbreak, I didn't even root this Android I got and realised how terribly aggressive their violation of privacy is.
But again, I just want to give people the choice as long as their device is secure, that's why I'm learning all the quirks of Android and how to secure them. All our IT guys confirmed that unless you know exactly how to secure Android devices like we did for our computer park, employees better go for an iPhone.
There's a difference between Apple that might have backdoors to the NSA, and Android that is a crazy open buffet for -permitted- informations stealing without even talking about spyware or silverpush. My Galaxy S8 came with apps and packages that were constantly listening through the mic without my prior knowledge, installation or authorisation, this is intolerable. But I switched for a reason, I'll see if using Android is easily manageable or if it's better to ban them from inside use.
OgreTactic said:
iPhone (pretends to) be safe and secure and doesn't straight-up violate your privacy by forcing unneeded permission even before installing the app and running tons of spyware as per unbox while giving all your infos out to apps that demand it and more. It's also a question of procedure: iPhone are really easy to fix/secure with a jailbreak, I didn't even root this Android I got and realised how terribly aggressive their violation of privacy is.
But again, I just want to give people the choice as long as their device is secure, that's why I'm learning all the quirks of Android and how to secure them. All our IT guys confirmed that unless you know exactly how to secure Android devices like we did for our computer park, employees better go for an iPhone.
There's a difference between Apple that might have backdoors to the NSA, and Android that is a crazy open buffet for -permitted- informations stealing without even talking about spyware or silverpush. My Galaxy S8 came with apps and packages that were constantly listening through the mic without my prior knowledge, installation or authorisation, this is intolerable. But I switched for a reason, I'll see if using Android is easily manageable or if it's better to ban them from inside use.
Click to expand...
Click to collapse
Mate my question still stand: are you really what are you claiming to be or you just have an agenda? Some badass company appointed you to decide what is secure and what not. Really? You? In Op you are talking about thinking to allow only iOS and BBM (it's Bbos BTW) only. BBOSS? Really? BBOS was discontinued one year ago...no more updates no more security patches, no more nothing.
vladimir_carlan said:
Mate my question still stand: are you really what are you claiming to be or you just have an agenda? Some badass company appointed you to decide what is secure and what not. Really? You? In Op you are talking about thinking to allow only iOS and BBM (it's Bbos BTW) only. BBOSS? Really? BBOS was discontinued one year ago...no more updates no more security patches, no more nothing.
Click to expand...
Click to collapse
That's not my job, but that's part of mine to decide or push in front of committees what tool we should use, purely from a utilitarian, managerial and system POV. None of us beside IT guys ever realised how Android were intolerably insecure, I've had my head in Apple buttock for years thinking "yeah, that's too limited and I heard Android is now as stable and well made".
But I don't want to go back to iPhone either, so here I am sitting with a Galaxy S8 I'm still not using because I don't where to start to secure it, whether I should try to fix everything on the factory rom or just root it.
OgreTactic said:
That's not my job, but that's part of mine to decide or push in front of committees what tool we should use, purely from a utilitarian, managerial and system POV. None of us beside IT guys ever realised how Android were intolerably insecure, I've had my head in Apple buttock for years thinking "yeah, that's too limited and I heard Android is now as stable and well made".
But I don't want to go back to iPhone either, so here I am sitting with a Galaxy S8 I'm still not using because I don't where to start to secure it, whether I should try to fix everything on the factory rom or just root it.
Click to expand...
Click to collapse
Okay...what exactly makes you to feel insecure? I understand you're bothered that some apps are accessing your microphone. That's easy... Settings-Apps. Tap on those three dots and chose app permission. You'll see what apps have access to microphone and deny permission for them. Job done. What else makes you to feel insecure?
vladimir_carlan said:
Okay...what exactly makes you to feel insecure? I understand you're bothered that some apps are accessing your microphone. That's easy... Settings-Apps. Tap on those three dots and chose app permission. You'll see what apps have access to microphone and deny permission for them. Job done. What else makes you to feel insecure?
Click to expand...
Click to collapse
I put my S8 away for now I went back to an iPhone. I'm using it off-grid to still try and figure out how it works.
Basically my problems are clear:
1. There's no transparency in background processes/services, the component they use and the data they send.
2. The way permissions are managed is intolerable: forcing you to accept non-necessary and arbitrary access to connected components or private information BEFORE installing the app is a form of extortion. The same goes when running the app: forcing permissions that are not critical to the app code actually running is a form of extortion. Baffles me how Google even allows that today.
3. The fact that there's even a need for a firewall and antivirus, and that the official stores is filled with illegal (copyright infringing app so blatant) and therefor myriads of potential malicious apps like Silverpush-enabled one, without any store control or curation on Google's part.
All this means there is no way I will use an Android rather than an iPhone and allow anyone dealing with private or "sensitive" commercial informations using one inside the company. I'm still trying to figure out if going straight to root is the solution, if I'll have to use cryptography for documents and coms, or if I'll have to spend days figuring out Xposed+Xprivacy, Packages Disablers, MicroG alternative libraries, Firewall and Antivirus and god knows what to make it decently secure like an iPhone (which doesn't aggressively violates your privacy and is really easy to secure with a jailbreak...unless there are hidden backdoors which is still far from the probably illegal open-buffet of private and sensitive informations Google provides to any potential malicious websites, scripts or apps).