----- Forwarded message from coderman <coder...@gmail.com> -----
Date: Sun, 11 Aug 2013 13:28:53 -0700
From: coderman <coder...@gmail.com>
To: cypherpu...@cpunks.org
Subject: Re: Lavabit and End-point Security
one last cautionary tale: some time back i used the techniques discussed to harden some Android phones brought with me into a hostile environment. i had kernel level protections in place, hardened the system configuration and services, pared down apps to the minimum and constrained their access to the file system and network. this was months of effort.

the first adversarial encounter went very well in my favor - all of the attempts to exploit my devices were thwarted at these various layers and via these protections, with the sole exception of a Google Voice Search hack that kept voice search active in an "open mic night" eavesdropping capability. this was quickly nullified via kill -STOP (Android won't re-spawn an app that is already running, and a stopped process proved quite effective at halting this repeated invocation of search used to capture audio.)

fast forward to round two, and i doubled down on the kernel, system, and application level protections. even more scrutiny is applied to applications to avoid the misuse of legitimate functionality for malicious purpose. i am feeling confident!

... and then a baseband exploit easily walks under all of my protections at every layer, completely and fully 0wning my devices, with the only hint at anything amiss being the elevated thermal dissipation and power consumption from the radios performing data transmission, all while the Android OS believed the devices were silent in airplane mode.

[informative interlude: software defined transceivers should be in every hacker toolbox; radio level attacks are otherwise invisible to you. they are also useful for many other purposes, perhaps one day even providing a solution to the untrustworthy proprietary firmware and baseband systems crammed into every mobile device these days.]
---

incidentally, this also demonstrates why IOMMU / VT-d guest isolation of devices on the host bus is very useful, as a vulnerable NIC could otherwise provide complete access to privileged memory and interfaces just like the baseband exploit above... assuming your CPU itself is trustworthy!

"trusting trust" continues to be a persistent and difficult problem, leaving us all vulnerable to some degree or another - it's just a function of cost and skill to compromise. turtles all the way down! ;P

----- End forwarded message -----

-- Eugen* Leitl <http://leitl.org>
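The kill -STOP workaround in the forwarded message, as an added shell example (not coderman's own script): freeze a process by PID, confirm from the kernel's own view that it is actually stopped, and list every stopped process so the freeze can be re-checked later. It assumes a Linux /proc filesystem (as on Android), with `ps` as a fallback, and takes a generic PID rather than any particular app's process name.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux /proc; falls back
# to `ps` where /proc is not readable. PIDs are passed in by the caller.

# process_state PID -> single-letter state (R, S, D, T, Z, ...) or empty if gone.
process_state() {
    pid=$1
    if [ -r "/proc/$pid/stat" ]; then
        # The state field follows the ")" that closes the comm name, so strip
        # everything up to and including the last ") " before reading field 1.
        sed 's/^.*) //' "/proc/$pid/stat" | cut -d' ' -f1
    else
        ps -o stat= -p "$pid" 2>/dev/null | tr -d ' ' | cut -c1
    fi
}

# freeze_process PID: send SIGSTOP, then confirm the kernel reports state T.
# Returns 1 if the signal could not be delivered or the state did not change,
# which is the check that tells you the "open mic" process is really halted.
freeze_process() {
    pid=$1
    kill -STOP "$pid" 2>/dev/null || return 1
    sleep 1
    [ "$(process_state "$pid")" = "T" ]
}

# thaw_process PID: send SIGCONT and confirm the process left the stopped state.
thaw_process() {
    pid=$1
    kill -CONT "$pid" 2>/dev/null || return 1
    sleep 1
    [ "$(process_state "$pid")" != "T" ]
}

# list_stopped: print the PID of every stopped process. Run it again later to
# confirm the freeze held, or to notice a daemon of yours that someone froze.
list_stopped() {
    for d in /proc/[0-9]*; do
        p=${d#/proc/}
        [ "$(process_state "$p")" = "T" ] && echo "$p"
    done
    return 0
}
```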