NSA releases security-enhanced Android (The H)

[Posted January 17, 2012 by jake]

The H looks at SEAndroid, which was recently released by the US National Security Agency. It brings some of SELinux to the Android kernel to limit the damage that malicious apps can do. "In a presentation [PDF] originally given at the 2011 Linux Security Summit, Stephen Smalley of the NSA explained the functionality within SEAndroid. He noted that it brings Mandatory Access Control to Android's Linux kernel and can help sandbox, isolate and prevent privilege escalation by applications with a centralised policy that is amenable to analysis. That said, it cannot protect against kernel vulnerabilities and misconfiguration of the security policy. Smalley also discussed how SEAndroid works to protect against a number of known exploits and how SEAndroid would have stopped them in different ways."

NSA releases security-enhanced Android (The H)

Posted Jan 17, 2012 21:18 UTC (Tue) by leromarinvit (subscriber, #56850) [Link] (19 responses)

I'm kind of split on this issue. On the one hand, security against malicious attacks is obviously a good thing. The harder it is for some random app or even website (via a suitable browser/plugin exploit) to steal your data, the better.

The trouble is that most manufacturers and network providers treat the user as an enemy to protect the precious phone against, so they do everything they can to prevent users from doing anything that makes them less likely to quickly buy a new phone (such as installing 3rd party updates like CyanogenMod). This gives them even more power in this regard.

NSA releases security-enhanced Android (The H)

Posted Jan 17, 2012 21:47 UTC (Tue) by djf_jeff (subscriber, #62173) [Link] (9 responses)

I completely agree with you. This is the kind of technology that will certainly be used for the wrong purpose by the carrier. They take every opportunities they have to lock the end-user.

NSA releases security-enhanced Android (The H)

Posted Jan 18, 2012 9:53 UTC (Wed) by hpro (subscriber, #74751) [Link] (3 responses)

They probably will. But given the choice of having my phone firmware "abused" by the carrier, and _abused_ by malicious software, I would pick the former every time.

I'd much rather have a phone which has all the security bells and whistles but that provides me with a mechanism for loading my own firmware (i.e., unlocked bootloader). That is (one of the reasons) why I have a Nexus S.

NSA releases security-enhanced Android (The H)

Posted Jan 18, 2012 20:48 UTC (Wed) by JanC_ (guest, #34940) [Link]

Who says the malware isn't installed by the carrier? They already install malware right now, if I can believe certain news reports, so why would they stop doing that if they get the tools to more effectively hide this malware?

Security Against Who?

Posted Jan 18, 2012 22:19 UTC (Wed) by ldo (guest, #40946) [Link] (1 responses)

hpro:

But given the choice of having my phone firmware "abused" by the carrier, and _abused_ by malicious software, I would pick the former every time.

That’s a stupid, specious dichotomy. As is well-known, you cannot “secure” a system against the person who legitimately owns that system and has physical access to it. SELinux doesn’t try to do that, and SEAndroid wouldn’t try to do that. The NSA, of all people, are well aware of such a limitation—after all, it is the reason that Digital Restrictions Management doesn’t work. In short, these security frameworks, like all security frameworks, are useless for vendors trying to lock you out of devices that you buy from them.

But of course, like a lot of people, the stupid vendors would have trouble grasping such a fine point. So I wouldn’t be surprised to see one or two of them try to use it for this very purpose.

Actually DRM works perfectly fine...

Posted Jan 18, 2012 22:30 UTC (Wed) by khim (subscriber, #9252) [Link]

The NSA, of all people, are well aware of such a limitation—after all, it is the reason that Digital Restrictions Management doesn’t work.

Apparently NSA knows the reality better then you and they obviously knows that DRM does work. The governing principle in security is famous ages-old you can fool all the people some of the time, and some of the people all the time, but you cannot fool all the people all the time. DRM can not full fool all the people all the time - here you are absolutely correct, but it can fool all the people some of the time and this some of the time is growing: just 10 years ago DRM typically DRM was broken in weeks, often days, but today it takes years for well-designed DRM systems (XBox360, PS3, etc).

If you'll consider the fact that lifespan of typical phone model is 2-3 years... this means that for Android DRM may work just fine.

NSA releases security-enhanced Android (The H)

Posted Jan 18, 2012 11:17 UTC (Wed) by job (guest, #670) [Link] (4 responses)

Given the options between 1) harden Android security, and 2) get people to stop buying locked-down crap, I know I'll choose 2 every time. In the Android ecosystem this is actually not so much of a problem since the unlocked hardware is competitive in both performance and price, so unlocked hardware is a realistic option for most. If all the cool gadget sites which seems to drive so much of smartphone sales nowadays could get the message out, we'd be a lot better off.

NSA releases security-enhanced Android (The H)

Posted Jan 19, 2012 1:53 UTC (Thu) by rqosa (subscriber, #24136) [Link] (1 responses)

> Given the options between 1) harden Android security, and 2) get people to stop buying locked-down crap

Huh? Options 1 and 2 aren't mutually exclusive at all.

Maybe you meant to say "1) weaken Android security" (for the purpose of making locked-down Android phones easier to hack, which is what the parent and grandparent posts seemed to be advocating)? That way it makes more sense that 1 and 2 are mutually exclusive — if locked-down Android devices were truly unhackable, then there would likely be more end-user demand for the unlocked devices that are already for sale (Nexus, etc.).

NSA releases security-enhanced Android (The H)

Posted Jan 19, 2012 10:08 UTC (Thu) by job (guest, #670) [Link]

I'm sorry, that should have been "weaken". I try to pause and proofread before I post but this time I failed and inadvertently said the opposite of what I intended.

NSA releases security-enhanced Android (The H)

Posted Jan 19, 2012 15:01 UTC (Thu) by rich0 (guest, #55509) [Link] (1 responses)

How is the unlocked hardware competitive in performance and price?

I got a T-Mobile G2 for $0 with 4G service and a decent hardware keyboard. I couldn't get an unlocked android phone at any price with a hardware keyboard, and neglecting that feature a Nexus S would have cost me $200 with only 3G data. Before that the Nexus One was unsubsidized but would have cost the same per-month (you could have gotten a discounted rate at the time if you didn't have a family plan).

At some points in time the unlocked models are somewhat competitive, but more often than not they aren't. The fact that they only come out about once a year doesn't help - if your upgrade cycle is off by six months it will be hard for the free stuff to ever be feature-competitive.

Unlocked phones are clearly the best solution to the lockdown problem, but right now there just aren't enough of them, and vendors don't want to promote them. I doubt that would ever change without some kind of legislation.

NSA releases security-enhanced Android (The H)

Posted Jan 22, 2012 13:31 UTC (Sun) by job (guest, #670) [Link]

Competitive because they cover most price ranges and is the price difference between it and locked models are negligible. For example the unlocked and somewhat more open Nexus flagship model is currently 500 EUR while the comparable Samsung model is 450 EUR. That's not a big difference.

I obiously don't count subsidized phones since they are just part of a payment plan, whether you see separate payments or it's just part of your monthly fee (in which case you lose badly if you don't catch the expiration date). You probably didn't really get your phone for $0. That's just parroting market speak where fees are called something else.

I would think the varying states of unlocked-ness is a bigger problem. Some have just unlocked bootloaders, which many manufacturers offer across the entire price spectrum (some HTC models, newer Sony-Ericssons etc.), and some go further. It takes a lot of customer empowerment to know which phone to get. That's where the community can help out.

NSA releases security-enhanced Android (The H)

Posted Jan 18, 2012 1:31 UTC (Wed) by rqosa (subscriber, #24136) [Link] (8 responses)

> This gives them even more power in this regard.

But they already can (and do) lock down the bootloader to prevent installing a non-OEM Android distribution. The only way to prevent that is for there to be enough customer demand for unlocked hardware — and fortunately, it seems that there currently is enough demand, since unlocked devices are available (e.g. the Nexus series).

NSA releases security-enhanced Android (The H)

Posted Jan 18, 2012 10:53 UTC (Wed) by gidoca (subscriber, #62438) [Link] (7 responses)

Not everyone wants to flash their own firmware. It's useful to have exploits to get root access on the stock firmware, which may get harder should SELinux be integrated into Android.

NSA releases security-enhanced Android (The H)

Posted Jan 19, 2012 0:12 UTC (Thu) by rqosa (subscriber, #24136) [Link] (6 responses)

> Not everyone wants to flash their own firmware.

If someone doesn't care whether or not they can install an OS on their own computer, that means they don't care whether or not someone else (e.g. the carrier or the manufacturer) has control over their computer. Those people probably don't care about FLOSS at all — at least, they must not care whether or not they can exercise the rights granted by the software's license.

> It's useful to have exploits to get root access on the stock firmware

But there are Android devices on the market already that are unlocked to the user / owner. Users who care about the cause of promoting "unlocked" / "un-Tivoized" hardware ought to vote with their money in favor of these unlocked devices, rather than finding ways to hack the locked-down ones (thereby economically supporting the user-hostile vendors that lock their devices).

Furthermore, having control over one's own hardware means being able to run any software (that doesn't exceed the hardware resource limits) on it. Preventing people from using SELinux on their own hardware is contrary to giving control to hardware owners (and is likely to give control to malware authors instead of hardware owners).

NSA releases security-enhanced Android (The H)

Posted Jan 19, 2012 15:08 UTC (Thu) by rich0 (guest, #55509) [Link] (3 responses)

There are exactly 4 android phones that are supplied by the OEM unlocked to the user - only two of which are of any value at all today:

1. The ADP.
2. The Nexus One.
3. The Nexus S.
4. The Galaxy Nexus.

If you don't like those particular modules, you're SOL (well, you end up rooting some other phone, until vendors decide to increase their security). There just isn't much diversity in the Nexus line.

All four models have sold with premium pricing - the Nexus S eventually made it down to a subsidized $200 price tag, which is relatively high, and I imagine the Galaxy Nexus will do the same. It isn't hard to find locked android smartphones for under $100, and I got a G2 for free.

I'm all for buying unlocked hardware, but I find it hard to justify paying $100 for hardware that I actually prefer less, simply because the OEM isn't locking it down. It makes far more sense to look at locked phones that already have exploits available.

NSA releases security-enhanced Android (The H)

Posted Jan 19, 2012 18:26 UTC (Thu) by raven667 (subscriber, #5198) [Link]

I think the prices are a little better now, I got a Nexus S with a new contract for $50 for the holidays. I got it because it was an unlocked, unadulterated device that I could play around with as much as I want, unlike my iPhone 3GS

NSA releases security-enhanced Android (The H)

Posted Jan 21, 2012 7:39 UTC (Sat) by rqosa (subscriber, #24136) [Link]

> I find it hard to justify paying $100 for hardware that I actually prefer less, simply because the OEM isn't locking it down. It makes far more sense to look at locked phones that already have exploits available.

But for someone who cares about the continued availability of unlock{ed,able} Android devices in the marketplace, it makes sense to support the manufacturers that intentionally make their devices that way, instead of supporting those that tried to lock down their devices and failed.

NSA releases security-enhanced Android (The H)

Posted Jan 22, 2012 13:35 UTC (Sun) by job (guest, #670) [Link]

That's not entirely true. HTC and Sony-Ericsson both offer software to the end-user to unlock a many models of their phones. They may not ship unlocked but they are trivially easy to unlock with the provided software.

NSA releases security-enhanced Android (The H)

Posted Jan 19, 2012 15:20 UTC (Thu) by gidoca (subscriber, #62438) [Link] (1 responses)

I _do_ care that I can install whatever OS I like on my smartphone should I need it sometime, and I did vote with my money: I bought a SonyEricsson because they offer the possibility to unlock the bootloader. Right now, however, the most important thing to me is that it just works, as I don't have any other working phone, so I'll stick with the stock Android for now. Therefore, it is _also_ important to me that I have the possibility to obtain root privileges on the stock distribution, as this allows me to run any user mode software, which is sufficient for most of the things I might want to do. I'm not saying people shouldn't use SELinux on their device when they choose to, but I think having control over how the stock firmware works (i.e., having root access) is useful even with an unlocked bootloader.

NSA releases security-enhanced Android (The H)

Posted Jan 21, 2012 7:45 UTC (Sat) by rqosa (subscriber, #24136) [Link]

> having root access) is useful even with an unlocked bootloader.

It's true that it makes it more convenient, but it's not a requirement for ensuring that the user controls their own hardware.

(What's more, one could argue that, in the presence of untrusted user-space software, having an enforceable security policy in the OS is required to ensure that the user maintains control over their hardware.)

NSA releases security-enhanced Android (The H)

Posted Jan 17, 2012 22:45 UTC (Tue) by karim (subscriber, #114) [Link]

I think this is great. For sure this will be abused by handset manufacturers. But it'll also be a good way to make Android get closer to what RIM offers in terms of security.