Friday, March 29, 2013

The Perfect Trojan Horse


Giovanni Russello, a security expert, writes a post about Android security.
The launch of the new Galaxy S4 was celebrated a couple of weeks ago. Indeed, it looks like a slick device with lots of nice features that is making Apple really nervous. At the software level, the S4 ships with Android 4.2 Jelly Bean. Alongside Samsung's pre-installed apps, the S4 also ships with Knox. Knox is a security solution developed by Samsung to support the Bring Your Own Device (BYOD) policy in enterprises. Knox allows the creation of different environments on your phone. Essentially, a secure environment is used to contain enterprise-related data and apps, while an open environment is used for personal content. The work environment can be managed by the IT admin of the enterprise. Your personal environment is entirely yours to populate with whatever junk you might like. The content of one environment is not accessible to apps from the other environment, keeping everyone happy.
Knox relies on the Mandatory Access Control (MAC) mechanism provided by SELinux. So how did SELinux end up in a Samsung phone? The news that people were at work porting SELinux onto Android is not new, actually. What is news is that SELinux is now (or is going to be) fully integrated into the Android Open Source Project (AOSP), the official Android trunk that Google provides to vendors. And it is not a simple matter of swapping one Linux kernel for another. In a recent paper at NDSS 13, Smalley describes in detail the changes required at the level of the Android middleware to integrate the SELinux MAC mechanism seamlessly with the Android application framework.
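To make the MAC point concrete, here is a stripped-down SELinux type-enforcement fragment that I am adding as an illustration; it is not Samsung's Knox policy nor anything from AOSP, and all type names in it are hypothetical. It shows the property the post describes: two app domains each allowed to touch only their own data type, with the separation between them coming from the absence of any rule rather than from file permissions or user IDs.

```text
# Added illustration of SELinux type enforcement, not Knox's real policy.
# All names (work_app_t, personal_app_t, ...) are hypothetical.
module env_separation_example 1.0;

require {
    class file { read write open getattr };
    class dir  { search read };
}

# One process domain and one data label per environment.
type work_app_t;
type work_data_t;
type personal_app_t;
type personal_data_t;

# The work domain may read and write only work-labelled files.
allow work_app_t work_data_t:dir  { search read };
allow work_app_t work_data_t:file { read write open getattr };

# The personal domain may read and write only personal-labelled files.
allow personal_app_t personal_data_t:dir  { search read };
allow personal_app_t personal_data_t:file { read write open getattr };

# Deliberately no rule here: SELinux is default-deny, so work_app_t
# cannot open personal_data_t and personal_app_t cannot open
# work_data_t, whatever the DAC mode bits or UID of the file say.
```

The thing to check on a device is the last comment, not the allow rules: a denied cross-environment access shows up as an `avc: denied` audit message naming the source type, target type and object class, and a policy that contains no `allow` from one environment's domain to the other's data type is what makes that denial unconditional. A real policy would additionally declare the process types as domains and arrange the domain transitions that put each app into the right environment, which this fragment leaves out.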
What are the implications of having SELinux as part of the AOSP? From now on, Android code will have SELinux modules as part of its base distribution. In terms of security, SELinux can really help in solving some of the Android security issues. However, we have to realise here that SELinux is a research project of the National Security Agency (NSA). The NSA is one of the nosiest agencies in the US. One of the NSA's main activities is to look for vulnerabilities that allow them to eavesdrop and, in some cases, even attack “enemy” systems (see the case of Stuxnet).
Now Google has teamed up with the NSA, and any new Android phone will have NSA code running on it. Even though SELinux can help in keeping the bad guys out, are we sure it will keep the good guys’ noses out of our phones?
Timeo Danaos et dona ferentes (I fear the Greeks, even when they bring gifts).