Nope. It still has vulns just like every other piece of software ever
created. And maybe Android even introduced new holes with all the new
"security" features ;)

--
Regards,

Kristian Erik Hermansen
https://www.linkedin.com/in/kristianhermansen
On Jul 29, 2014 6:05 AM, <[email protected]> wrote:

> Google is taking a step further towards securing Android smartphones by
> introducing Android L, which is built on Samsung's Knox technologies [1].
>
> Knox enhances the security of the smartphone by resorting to the
> following security technologies:
>
> - TPM, implementing static root of trust
> - ARM TrustZone, providing hardware mechanism in support of TPM
> - SE-Android, introducing mandatory access control for better security
> - Linux Container or other light-weight virtualization technologies,
>   implementing separate domains for enterprise run-time environment and
>   personal run-time environment
>
> Without further elaborating the aforementioned technologies, it is
> concluded that Knox provides a secure platform for smartphones so that they
> may be used in mission-critical applications, especially in pursuit of BYOD
> in enterprise environment.
>
> However, it is still vulnerable to memory-based rootkit attacks [6]: After
> trusted boot of the SE-Linux (i.e. the kernel of SE-Android), a memory-based
> rootkit may still be introduced into the kernel due to vulnerabilities, etc.
> This kind of attack is beyond the TPM’s scope. If lucky, the rootkit may
> inherit the highest security label of the bugged code running in the
> kernel, bypassing any security mediation.
>
> Simply put, it is hard to detect any security compromises if the detection
> code runs within the same kernel it is intended to protect [5].
> Fortunately, academic researchers already found a way that may take
> advantage of virtualization for further protection [2]. Specifically,
> virtual machine introspection (VMI) technology may be leveraged to provide
> real-time inspection of systems' health conditions. Moreover, such
> technology has already been implemented in some use cases [3][4], sans
> mobile platforms.
>
> The suggested improvement on the security architecture of Knox and Android
> L is to introduce a hypervisor (like Xen), beneath the SE-Android.
> Furthermore, a light-weight agent is running in Dom0, side by side with
> the SE-Android.
> It takes advantage of VMI (like XenAccess) to inspect the health of
> SE-Android by collecting the statistics of key elements in the kernel (like
> hash value of system calls table, etc.), and passing them on to the backend
> MDM servers, through a secure connection. The MDM servers host the actual
> analytics engine and carry out weight-lifting.
>
> This way, even if the kernel space of SE-Android is corrupted, the agent
> is able to detect the changes due to corruption.
>
> References
>
>    1. Android L builds on Samsung’s Knox fortifications
>    2. A Virtual Machine Introspection Based Architecture for Intrusion
>       Detection
>    3. Insider Threat Detection on the Windows Operating System Using
>       Virtual Machine Introspection
>    4. Changing the Game for Anti-Virus in the Virtual Datacenter
>    5. Root Out Rootkits: An inside look at McAfee Deep Defender
>    6. Security Challenges in Virtualized Environments
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to
> [email protected].
> Visit this group at
> http://groups.google.com/group/android-security-discuss.
> For more options, visit https://groups.google.com/d/optout.
>
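
The health check proposed in the quoted message (a Dom0 agent hashing the guest's system call table, with the MDM backend doing the comparison) is sketched below as an added example that is not part of either email. The table contents, kernel text range, report format and function names are constructed assumptions, and the VMI memory read is replaced by an in-memory list.

```python
import hashlib
import struct

# Constructed sample data: a 4-entry "system call table" of 32-bit handler
# addresses and an assumed [start, end) range for the guest kernel text.
KERNEL_TEXT = (0xC0008000, 0xC0800000)
BASELINE = [0xC0012340, 0xC0012400, 0xC0015000, 0xC0016800]
HOOKED = [0xC0012340, 0xC0012400, 0xBF000120, 0xC0016800]  # entry 2 redirected


def table_digest(entries):
    """SHA-256 over the table packed as little-endian 32-bit pointers."""
    return hashlib.sha256(struct.pack(f"<{len(entries)}I", *entries)).hexdigest()


def agent_report(device_id, entries):
    """Dom0 agent side: `entries` stands in for a VMI read of guest memory."""
    return {"device": device_id, "digest": table_digest(entries),
            "entries": list(entries)}


def mdm_evaluate(report, baseline):
    """MDM side: return a list of findings, empty when the table is intact."""
    entries = report["entries"]
    if report["digest"] != table_digest(entries):
        return [{"issue": "report digest does not match reported entries"}]
    if report["digest"] == table_digest(baseline):
        return []
    if len(entries) != len(baseline):
        return [{"issue": "table length changed", "expected": len(baseline),
                 "observed": len(entries)}]
    findings = []
    for nr, (good, seen) in enumerate(zip(baseline, entries)):
        if seen != good:
            findings.append({
                "issue": "handler changed", "syscall": nr,
                "expected": hex(good), "observed": hex(seen),
                # A pointer outside kernel text suggests a redirect into
                # module or heap memory rather than a different kernel build.
                "outside_kernel_text":
                    not KERNEL_TEXT[0] <= seen < KERNEL_TEXT[1],
            })
    return findings


if __name__ == "__main__":
    for name, table in (("clean", BASELINE), ("hooked", HOOKED)):
        print(name, mdm_evaluate(agent_report("device-01", table), BASELINE))
```

Because the comparison runs on the backend against a baseline kept outside the device, a compromised guest kernel cannot alter the reference value, which is the property the proposal relies on.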
