Showing posts from 2014

Dissecting Lollipop's Smart Lock

Android 5.0 (Lollipop) has been out for a while now, and most of its new features have been introduced, benchmarked, or complained about extensively. The new release also includes a number of of security enhancements , of which disk encryption has gotten probably the most media attention. Smart Lock (originally announced at Google I/O 2014), which allows bypassing the device lockscreen when certain environmental conditions are met, is probably the most user-visible new security feature. As such, it has also been discussed and blogged about extensively. However, because Smart Lock is a proprietary feature incorporated in Google Play Services, not many details about its implementation or security level are available. This post will look into the Android framework extensions that Smart Lock is build upon, show how to use them to create your own unlock method, and finally briefly discuss its Play Services implementation. Trust agents Smart Lock is build upon a new Lollipop feature cal

Android Security Internals is out

Some six months after the first early access chapters were announced , my book has now officially been  released . While the final ebook PDF has been available for a few weeks, you can now get all ebook formats (PDF, Mobi and ePub) directly from the publisher, No Starch Press . Print books are also ready and should start shipping tomorrow (Oct 24th). You can use the code UNDERTHEHOOD  when checking out for a 30% discount in the next few days. The book will also be available from  O'Reilly ,  Amazon  and other retailers in the coming weeks. This book would not have been possible without the efforts of Bill Pollock and Alison Law from No Starch, who edited, refined and produced my raw writings. +Kenny Root   reviewed all chapters and caught some embarrassing mistakes, all that are left are mine alone. Jorrit “ Chainfire ” Jongma reviewed my coverage of SuperSU and Jon “ jcase ” Sawyer contributed the foreword. Once again, a big thanks to everyone involved! About the book Th

Revisiting Android disk encryption

In iOS 8, Apple has expanded the scope of data encryption and now mixes in the user's passcode with an unextractable hardware UID when deriving an encryption key, making it harder to extract data from iOS 8 devices. This has been somewhat of a hot topic lately, with opinions ranging from praise for Apple's new focus on serious security, to demands for "golden keys" to mobile devices to be magically conjured up. Naturally, the debate has spread to other OS's, and Google has announced that the upcoming Android L release will also have disk encryption enabled by default . Consequently, questions and speculation about the usefulness and strength of Android's disk encryption have sprung up on multiple forums, so this seems like a good time to take another look at its implementation. While Android L still hasn't been released yet, some of the improvements to disk encryption it introduces are apparent in the preview release, so this post will briefly introduce

Secure voice communication on Android

While the topic of secure voice communication on mobile is hardly new, it has been getting a lot of media attention following the the official release of the Blackphone , Consequently, this is a good time to go back to basics and look into how secure voice communication is typically implemented. While this post focuses on Android, most of the discussion applies to other platforms too, with only the mobile clients presented being Android specific. Voice over IP Modern mobile networks already encrypt phone calls, so voice communication is secure by default, right? As it turns out, the original GSM encryption protocol (A5/1) is quite weak and can be attacked with readily available hardware and software . The somewhat more modern alternative (A5/3) is also not without flaws, and in addition its adoption has been fairly slow , especially in some parts of the world . Finally, mobile networks depend on a shared key, which while protected by hardware (UICC/SIM card) on mobile phones, can b

Using KitKat verified boot

Android 4.4 introduced a number of security enhancements , most notably SELinux in enforcing mode. One security feature that initially got some press attention, because it was presumably aiming to 'end all custom firmware', but hasn't been described in much detail, is verified boot . This post will briefly explain how verified boot works and then show how to configure and enable it on a Nexus device. Verified boot with dm-verity Android's verified boot implementation is based on the dm-verity device-mapper block integrity checking target. Device-mapper is a Linux kernel framework that provides a generic way to implement virtual block devices. It is used to implement volume management ( LVM ), full-disk encryption ( dm-crypt ), RAIDs and even distributed replicated storage ( DRBD ). Device-mapper works by essentially mapping a virtual block device to one or more physical block devices, optionally modifying transferred data in transit. For example, dm-crypt decrypts re

Android Security Internals

If you have been following this blog for a while, you might have noticed that there haven't been many new posts in the past few months. There are two reasons for this: me being lazy and me working on a book. The books is progressing nicely, but is still a long way from being finished, so updates will probably continue to be spotty for a while. What is this all about? The book is a continuation of my quest to understand how Android works and, as you may have guessed already, is called "Android Security Internals". That's a somewhat ambitious title, but it reflects my goal -- to present both an overview of Android's security architecture, and to show how its key components are implemented and interoperate. Meeting this goal requires starting with the most fundamental concepts such as Binder IPC, sandboxing, file ownership and permissions, and looking into key system services that bind the OS together, such as the PackageManagerService and ActivityManagerService