Time: 8 hours 33 minutes
Difficulty: Beginner
CEU/CPE: 9

Video Transcription

00:05
The Android platform is responsible for securing the Linux kernel. So Google,
00:10
when they're... it's Google's responsibility to make sure that the Linux kernel is secure, that there's not bugs, that there's not, um, security risks inherent with the kernel.
00:23
The platform also secures user data
00:27
by securing the inter-process communication. It prevents,
00:31
or is supposed to prevent,
00:33
applications from talking to one another, applications from accessing the kernel
00:40
or making changes to the kernel.
00:42
Now, depending, as we'll see, that doesn't always work.
00:47
Protect system resources: removes unnecessary and/or vulnerable sections of the kernel. Again,
00:55
if
00:56
Google identifies a portion of the code
00:59
that is, ah, a security risk,
01:03
it's their job to fix it. They own the source code; even though it's open source, they're the primary people responsible for the source code.
01:11
Access to storage media.
01:15
The platform says where you can write the
01:18
application to.
01:19
Can I write it to this area? Can I write it to the media card? The OS kernel, the platform, decides that, makes that decision,
01:29
and transmission of network data. Can this app
01:32
transmit over the network?
01:34
Can it do this? Can't it? That gets into the permission model. When I download an app on an Android phone,
01:42
I have to say,
01:42
I can write, or I need these permissions. The app has to say, "I need permission X, Y and Z," and I as the user have to say,
01:53
do I want to give the app those permissions or not? If I don't give those permissions, the app won't install.
02:00
So I have a binary decision. Do I install it with these permissions, or do I not? Why not install it? Because I don't like the permissions it has. There's no middle ground. I can't say, "Well, it can access these things, but I really don't want it to access the
02:15
call logs."
02:16
I don't have that choice as a user. It's all or none from my perspective.
02:23
Application runtime: app sandboxing limits access to the Linux kernel.
02:29
It's mandatory for all apps, native and third party.
02:32
It's also supposed to limit apps interacting with each other.
02:37
So I have
02:38
Angry Birds and I have my Gmail client.
02:42
Angry Birds should not be able to look at the data
02:45
in my Gmail client.
02:47
They're in two separate memory spaces,
02:51
and it leverages the Linux user-based isolation
02:54
of resources in order to do this sandboxing.
02:59
It's using Linux, which is a fairly secure platform;
03:04
it has a lot of nice security features built in.
03:07
It's leveraging those security features in order to help isolate it.
03:10
They use different parts of RAM. They're not sharing RAM space. They're using different parts of I/O there.
03:19
There's not gonna be any communication between them.
03:22
The system partition. This
03:24
is set to read-only.
03:27
There should not... apps should not be able to make changes to the system partition.
03:32
You don't want apps making changes to the system partition. This is
03:37
equivalent to saying that
03:39
about the System32 folder
03:42
in Windows,
03:44
except more secure.
03:46
System32, the default build, those files shouldn't be changed unless they really have to. And as Windows has progressed,
03:57
Microsoft has limited more and more what apps can make changes to the System32 folder.
04:02
Before, sort of willy-nilly, anybody could do it. Now apps, or I say apps, programs, and Microsoft's have to have explicit user permission to actually write there.
04:15
So they're changing the security model on the desktop side to try to prevent unauthorized use on the computer side. Well, they do that. The OS manufacturer's developers do the same thing on this side.
04:29
They want to prevent the system kernel from changing.
04:33
The first step, the easiest step: let's make it read-only by default. There's no write permissions to the system kernel or the system partition.
04:42
The system partition contains the kernel, the operating system libraries, the default applications, so the applications that are installed by default by
04:50
the phone manufacturer or by Google,
04:54
the application runtimes, the application framework. So how do the applications actually work? What are the libraries for the applications?
05:04
What's the underlying kernel for the phone? All those items are supposed to be read-only.
05:10
And there also should be safe mode access, so that the safe mode access is to allow the device to boot even if something goes wrong with the phone. So I install some app, and for whatever reason, the phone now won't boot. Most Android phones, there's a way to force it into safe mode, and when it does, it's exactly like Windows safe mode.
05:30
So those of you that have used Windows for a long time, you know that when you boot, if there's been a system error, you're usually given the option to load into the system or a safe mode. Excuse me, when you load into safe mode, you only have access to certain functionality, the baseline functionality.
05:48
So with safe mode access, if I have an application that
05:51
crashed my system, for whatever reason, I boot up the phone, and every time the phone boots that application crashes the phone.
05:59
I can boot into safe mode instead and have the ability to remove that phone, or remove that application, and then reboot
06:06
into normal mode. And that should fix the crashing problems.
06:12
That's why safe mode is there.
06:15
Android's secure default core applications:
06:19
Google WebKit browser, Google Calendar, Gmail,
06:25
Google Maps, Google SMS Messenger and Google email. Now these are the default apps
06:30
that Google has defined,
06:33
um,
06:34
in the operating system. However,
06:38
manufacturers,
06:40
depending on the definition document, are allowed to switch out some of these apps
06:46
for custom apps that provide the same functionality.
06:49
So if I'm a manufacturer,
06:51
I don't necessarily have to install Gmail.
06:56
I can install my own email client
07:00
as long as it has the same functionality that Gmail does.
07:03
I don't have to install Google's calendar.
07:06
I can install a different calendar as long as it meets the requirements of the definition document.
07:14
This is one of the greatest strengths and one of the greatest weaknesses of Android devices.
07:18
Unlike with Apple phones, Apple iPhones, where Apple makes the determination of exactly which apps come by default, and every single phone comes with the same default apps,
07:31
Google leaves some of this up to the manufacturer. So I, as a user, if I don't do my research,
07:38
might not know that the HTC phone I just bought
07:42
isn't using the secure default core applications. It's not using Gmail, or it's not using Google Calendar. It's using something HTC put on the phone instead.
07:54
And how do I know that the applications that HTC just loaded
07:59
have the same security
08:01
or secure code as the applications that Google is looking at?
08:05
Or if a bug is found, how long is it going to take HTC to update their applications compared to how long it will take Google to upload or update their applications?
08:16
So it's great that it's customizable. It's great that the manufacturers can make customization choices for the phones they're creating,
08:26
but there's a risk inherent in that.
08:28
Without using the default apps, you're now left up to the phone manufacturer to be doing the update process, to be doing the patching process, making sure that these programs don't have bugs in them. It's no longer Google's responsibility to make sure that the HTC email client
08:48
doesn't have a bug in it. It's HTC's requirement to make sure that their email client doesn't have a bug in it.
08:58
So, file system permissions.
09:01
Again, when I download an app and install it, I get a list of
09:07
what permissions the phone requires. "I require
09:11
X, Y and Z in order to actually operate. Do you, as the user, agree to this?" You only have to agree
09:18
one time,
09:18
or if the permissions changed on an update.
09:22
So
09:24
when you first install it, it needs these permissions.
09:28
A couple of updates come out, and eventually with this update it needs an additional permission. You as the user then have to say, "Yes, I accept the new permissions,"
09:37
but the whole time, the rest of the time this program's running,
09:39
you don't see what permissions
09:43
it has. You don't see what resources it's using. Once you've approved it, it's approved. It's good to go,
09:48
and that includes any code that comes with it. So again,
09:54
I have a free app, but it has
09:56
ads in it, and that's how they're actually making their money.
10:01
The ads have the exact same permissions as the app itself,
10:07
so, and usually the ads aren't provided by
10:11
the developer of, let's say, the game,
10:13
Angry Birds. The developer probably isn't making the ads. It's add-on code that they got from some other company. Well, that add-on code is running with the same permissions that Angry Birds is running with. And if they didn't do validation
10:28
that that doesn't have any security flaws, you might be opening yourself up
10:33
to other attacks without even realizing it. And the Angry Birds developers don't realize it either.
10:39
They didn't realize that there was a security vulnerability with whichever ad company they're using,
10:45
but
10:46
by the inherent permissions of Angry Birds, they've, you've opened your
10:50
phone up through the Angry Birds application to do something bad. Now, I'm not saying Angry Birds is compromised in any way. It's just an app that everybody knows about.
11:01
Each app runs as its own,
11:03
as its own user.
11:05
So again,
11:07
this is one of those ways they sandbox, by not having...
11:11
by having a unique user for each app.
11:15
Apps shouldn't be able to work with each other because you have to have the right user permissions to run or to
11:24
change another application.
11:26
Data cannot be shared or changed by other apps. However,
11:31
and there's a big however,
11:33
there's... authors of third-party apps can circumvent
11:37
this OS rule.
11:39
There are ways around it.
11:43
Again,
11:43
Google releases the code. They make it as secure as possible, but there's always going to be either bugs or gotchas with the code.
11:54
Third-party app developers have found ways
11:58
to circumvent the non-sharing or changing by other apps.
12:03
How long is that going to remain? I don't know.
12:05
Is there a reason it's not closed?
12:07
Probably. But you'd have to ask Google why they allow it.
12:13
Android 3.0
12:15
or 3.x and later offer full file system encryption.
12:20
So with Android 3, which was only released for tablets, and Android 4, which is now a tablet and
12:26
phone
12:26
operating system,
12:28
I can fully encrypt my disk. It takes about an hour,
12:35
which isn't bad. You have to have a full battery, you have to have 100% battery, it has to be plugged in,
12:39
and I can encrypt. It takes about an hour.
12:43
That...
12:45
the recommendation is that it should be one of the first things you do on a new device. Again,
12:50
if somebody gets physical access to it, there's really two things that prevent them from getting the information from your device
12:58
easily, relatively easily: having a password on the device and having the information on the back end encrypted.
13:03
In order to set encryption, you must have a password, and that password cannot be a swipe password.
13:11
So it has to be an alphanumeric password.
13:16
It does not encrypt removable... this is, it does not encrypt removable media by default. From what I've seen, there's not even an option on most devices to even encrypt the removable media.
13:28
When we talk about BlackBerry, we'll see the BlackBerry devices, you do have the option to encrypt removable media cards.
13:35
Most Android devices don't have that capability, and most Android devices do have removable media. So if you're storing sensitive information on your tablet,
13:46
your encrypted tablet,
13:48
and you're not password protecting or encrypting the documents themselves, you should really consider installing them or having them stored on the internal memory if you can, rather than on the memory card.
14:03
Because if I take the memory card
14:07
and put it into a forensic tool such as Guidance Software's EnCase or AccessData's FTK,
14:11
it would be able to read that information if it's not encrypted. Not a problem whatsoever to read that information. Most media cards are encrypted... are formatted FAT32.
14:22
So it's very easy to get the information off that media card without encryption.
14:28
Passwords: user configured, not mandatory, not set by default.
14:33
Android devices by default have the swipe, either the swipe to unlock,
14:37
move the little guy down
14:41
to unlock.
14:45
Those provide absolutely no security whatsoever.
14:48
So at a minimum a swipe pattern should be chosen.
14:52
If any sort of sensitive information is used on that phone, though, it's recommended you use an alphanumeric password.
15:00
Forensic tools at this point, so
15:03
Cellebrite, Cellebrite's UFED, is one of the preeminent forensic tools on the market.
15:11
Using the UFED,
15:11
about half of the Android phones that are available, that swipe pattern can be broken.
15:20
It can go into the physical memory, find out where the swipe pattern is stored,
15:24
and get the swipe pattern out of memory.
15:28
It can't do the same thing with complex passwords.
15:31
So just be aware of this with forensic tools.
15:35
What, is it stored in different places, in different ways?
15:37
Yes, it's stored differently, and it also depends on the manufacturer of the device and how the manufacturer stores it. So it's not necessarily an issue with the operating system itself,
15:50
because when Cellebrite... Cellebrite's updates the last couple of months have focused on particular device manufacturers.
15:58
So
16:00
I haven't seen a single HTC phone where the swipe pattern is breakable yet,
16:06
but I've seen other manufacturers where the swipe pattern is breakable. So then the question becomes, is it the way the phone hardware
16:15
is working itself that's allowing them to get to it? Or is it something with the operating system? Well, since the HTC ones don't have the swipe pattern breaking yet, I'm guessing it's the way the other device, many, the, yeah, the other device manufacturers
16:30
have encrypted or stored the encryption, or there's some weakness somewhere. I can tell you with the iPhone, the encryption chip on the,
16:38
um,
16:41
iPhone 3GS and the iPhone 4, there's a, there's a flaw where it allows you to brute force it. I can't tell you exactly what
16:51
Cellebrite is targeting for the Android ones, because they haven't...
16:56
They don't want their competitors to know how they're breaking it. So they haven't released specifics on what exactly they're doing to get the information.
17:03
I can tell you that they have the ability to do so,
17:07
so I don't know if I answered your question or sort of bypassed it, but
17:12
it's known by Cellebrite, but
17:15
they're not gonna tell me how they're exactly doing it.
17:21
Passwords help prevent unauthorized access. It's the first layer of security. When we talk about cell phones, we talk about multiple layers of security. We want to make it as difficult as possible for someone to get access to the phone.
17:34
Once you've set a password, you can then set file system encryption.
17:40
Whenever I buy an Android device, and I've bought three so far, the first thing I do when I get back from the store
17:47
is, after providing it with my
17:49
Gmail account, which is the first thing you have to do,
17:52
I set a password before I do anything else, and the next thing I do is, if it has a full charge,
17:59
I turn encryption on. If it doesn't, I plug it in until it has a full charge, and I turn encryption on.
18:06
So the user data is not encrypted by default. When we talk about Apple, their user partition is encrypted by default. It's up to the operating system whether it's encrypted by default. Apple does; Android does not.
18:19
Pattern lock: it's just a user-definable graphical password. It does not allow for encryption, and basically what you do
18:27
is, you draw a pattern.
18:32
You can only do each dot once.
18:33
You can't go through a dot twice,
18:37
so you have nine points of security.
18:41
And once it's set,
18:42
you're good to go,
18:45
except you can't encrypt at that point. And
18:48
the screens are very good at keeping fingerprints. So if you're not wiping your phone off constantly and you just unlocked it, somebody will very easily be able to see which password you just input on your device. So just be careful about that.
19:03
Some devices,
19:06
well, you can set a PIN or even set an alphanumeric password. I would not set a PIN. Yes, again, four-digit password, nice and easy.
19:15
But if you just set a PIN, there's a chance that it could be easily brute forced. There's only 10,000 comb... there's only 10,000 possibilities when we talk about a PIN, 0000 to 9999. It's only a four-digit PIN.
19:30
If there's a weak... any sort of weakness,
19:33
such as the earlier iPhones,
19:36
it can password break,
19:37
break the password, no problem whatsoever.
19:41
So to get to the security options: Settings, Security, then go to Screen Lock, and within those menus are the options for both pattern lock and/or password.
19:52
Security validation: certified. So
19:56
this is the certified government... oh, it's co-created by the NSA. So they worked with Google
20:02
and they were able to, um,
20:04
create this custom kernel for allowing their employees to use on Android devices.
20:14
The base-level OS security: open source operating system, subject to high scrutiny. Anybody and their mother could get access to the source code. Anybody can look at it. Now, not anybody's gonna probably understand it, but if you have any sort of Linux programming background,
20:30
you can probably understand exactly what the code is doing.
20:36
The core operating system is isolated. Again, we keep the core system separate from the applications. The
20:44
kernel partition is also set to read-only, so apps should not be able to write to the kernel partition.
20:52
Authentication: token based. Two-factor authentication, so you can get additional
20:57
security on your phone to require two-factor authentication.
21:03
But that's not by default.
21:07
Data protection: full file system encryption is possible. It only encrypts the user partition; it does not encrypt the system partition,
21:18
but anybody can see the system partition anyway because everybody has access to the source code, so your user data isn't stored there. So for your purposes, my purposes,
21:27
we want to protect the,
21:30
the user side of the house.
21:33
Encrypt all that on the device, excluding the system kernel,
21:37
and encrypts, or can encrypt, external storage if the device manufacturer enabled it.
21:45
Some do, most don't. So normally the removable media card is not encryptable.
21:52
Application security: all applications require code signing. Google has told the developers, "You must sign the code with the certificate that we provide you when you become an app developer,"
22:04
and if you try to run code, or rather run an application, that's not signed, more than likely your Android device is going to either fail on the install or the application will crash while it's trying to run,
22:18
and it uses the kernel-level application sandbox. So again, the applications are away from the system kernel, and the applications are in their own memory space, so they should not be able to talk with one another.
