Posts

Showing posts from 2013

Signing email with an NFC smart card on Android

Image
Last time we discussed how to access the SIM card and use it as a secure element to enhance Android applications. One of the main problems with this approach is that since SIM cards are controlled by the MNO any applets running on a commercial SIM have to be approved by them. Needless to say, that considerably limits flexibility. Fortunately, NFC-enabled Android devices can communicate with practically any external contactless smart card, and you can install anything on those. Let's explore how an NFC smart card can be used to sign email on Android. NFC smart cards As discussed in previous posts , a smart card is a secure execution environment on a single chip, typically packaged in a credit-card sized plastic package or the smaller 2FF/3FF/4FF form factors when used as a SIM card. Traditionally, smart cards connect with a card reader using a number of gold-plated contact pads. The pads are used to both provide power to the card and establish serial communication with its I/O...

Using the SIM card as a secure element in Android

Image
Our last post  introduced one of Android 4.3's more notable security features -- improved credential storage, and while there are a few other enhancements worth discussing, this post will slightly change direction. As mentioned previously , mobile devices can include some form of a Secure Element (SE), but a smart card based  UICC (usually called just 'SIM card') is almost universally present. Virtually all SIM cards in use today are programmable and thus can be used as a SE. Continuing the topic of hardware-backed security, we will now look into how SIMs can be programmed and used to enhance the security of Android applications. SIM cards First, a few words about terminology: while the correct term for modern mobile devices is UICC (Universal Integrated Circuit Card), since the goal of this post is not to discuss the differences between mobile networks, we will usually call it a 'SIM card' and only make the distinction when necessary.  So what is...

Credential storage enhancements in Android 4.3

Image
Our previous post  was not related to Android security, but happened to coincide with the  Android 4.3  announcement. Now that the post-release dust has settled, time to give it a proper welcome here as well. Being a minor update, there is nothing ground-breaking, but this ' revenge of the beans' brings some welcome enhancements and new APIs. Enough  of those are related to security for some to even call 4.3 a 'security release'. Of course, the big star is SELinux , but credential storage, which has been a somewhat recurring topic on this blog, got a significant facelift too, so we'll look into it first. This post will focus mainly on the newly introduced features and interfaces, so you might want to review previous credential storage posts before continuing. What's new in 4.3 First and foremost, the system credential store, now officially named 'Android Key Store' has a public API for storing and using app-private keys. This was possible befor...

Building a wireless Android device using BeagleBone Black

Image
Our previous posts were about code signing in Android, and they turned out to be surprisingly relevant with the announcement of the ' master key' code signing Android vulnerability. While details are yet to be formally released, it has been already patched and dissected , so we'll skip that one and try something different for a change. This post is not directly related to Android security, but will discuss some Android implementation details, so it might be of some interest to our regular readers. Without further ado, let's get closer to the metal than usual and build a wireless Android device (almost) from scratch. Board introduction -- BeagleBone Black For our device we'll use the recently released BeagleBone Black board. So what is a BeagleBone Black (let's call it BBB from now on), then? It's the latest addition to the ranks of ARM-based, single board credit-card-sized computers. It comes with an AM335x 1GHz ARM Cortex-A8 CPU, 512MB RAM,  2GB on-bo...