Tag: Android

Insyde Software’s HumanOS

~ hucktech ~ Leave a comment

Last week at Intel IDF Insyde Software announced updates to get Android Lollipop on Intel Core M systems, working with Intel China.

Insyde has an Android-based OS called “Humanos(R)”, which I had not heard of until now (it reminds me of AMI’s AMIDuOS):

Humanos is an instant-on software environment developed for notebooks and netbooks running Microsoft Windows, and is currently optimized for use with Google’s latest Android and Chromium open-source mobile operating systems. Humanos utilizes Insyde Software’s Quick-to-Launch UEFI Software, giving mobile PC users immediate access to an expanding set of mobile applications through the instantly available operating environment. Many of today’s open source operating systems provide mobile platforms the opportunity to integrate lots of new functionality within a very small footprint. Humanos from Insyde Software addresses the increasing demand for these open source operating systems by implementing them as secondary instant-on software environments to Windows based platforms or as standalone “app ready” user-friendly environments. This solution provides easy integration and great performance through Insyde Software’s UEFI Instant-On technology, and brings additional value to the platform. Additionally, platforms featuring Humanos can access Insyde Market, the world’s first Android applications market for netbook computers. Insyde Market features a growing list of Android applications optimized for the mobile PCs, which provides a continual source of added value for users and platform manufacturers that choose to include Humanos.

http://www.insyde.com/products/humanos
http://www.insyde.com/products/androidsolutions
http://www.insydesw.com/press_news/press-releases/insyde%C2%AE-software-collaborates-intel%C2%AE-china-bring-android%E2%84%A2-50-latest-intel%C2%AE

Android Marshmallow released

~ hucktech ~ Leave a comment

Google recently released Developer Preview 3 of Android 6.0 SDK, Android “M”, Marshmallow. So far, I don’t see any firmware-centric changes yet…

http://developer.android.com/preview/support.html#preview3-notes
http://android-developers.blogspot.com/2015/08/m-developer-preview-3-final-sdk.html

https://en.wikipedia.org/wiki/Android_Marshmallow

 

new Android firmware research at DFRWS next week

~ hucktech ~ Leave a comment

DFRWS USA 2016, the Digital Forensics Research Conference USA 2015 is happening next week in Philadelphia, PA, USA. [DFRWS is the acronym, so I’m guessing it was a WorkShop before it was a Conference?] DFRWS is held in cooperation with the ACM’s SIG on Security, Audit and Control (SIGSAC).  Next week, there are a lot of interesting forensic and RE talks happening, but I only see one firmware-related one, from a quick look at the schedule:

“New acquisition method based on firmware update protocols for Android smartphones”
Seung Jei Yang, Jung Ho Choi, Ki Bom Kim, and Tae Joo Chang

Also, if you search the archives, you’ll find a handful of firmware-related talks (not many). DFRWS EU 2016 will be held from March 29 to April 1, 2016 in Lausanne, Switzerland.

http://www.dfrws.org/2015/program.shtml

Google revises Nexus update policy

~ hucktech ~ Leave a comment

Last week, Adrian Ludwig (Lead Engineer for Android Security) and Venkat Rapaka (Director of Nexus Product Management) posted a blog entry on the Official Android blog, announcing a change to the Nexus update policy:

“Nexus devices have always been among the first Android devices to receive platform and security updates. From this week on, Nexus devices will receive regular OTA updates each month focused on security, in addition to the usual platform updates. The first security update of this kind began rolling out today, Wednesday August 5th, to Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, and Nexus Player. This security update contains fixes for issues in bulletins provided to partners through July 2015, including fixes for the libStageFright issues. At the same time, the fixes will be released to the public via the Android Open Source Project. Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store.”

Nexus aside, I hope other carriers also have clear policies about updates.

Read the full announcement here:
http://officialandroid.blogspot.com/2015/08/an-update-to-nexus-devices.html?m=1

Joe Fitzpatrick joins Xipiter

~ hucktech ~ Leave a comment

I didn’t know about this company until today. It looks like Joe Fitzpatrick of SecuringHardware is or soon will be joining them:

https://twitter.com/XipiterSec/status/616275086652235776

It appears Xipiter does security training, including Intel- and ARM-based hardware-level courses, including at upcoming DEF CON. They appear to have an upcoming Android course in the works, related to the Wiley Android Hacker’s Handbook, which has a nice chapter on ARM firmware hacking. They have other services besides training, and some hardware products as well.

http://www.xipiter.com/
http://www.xipiter.com/team.html
http://www.xipiter.com/training.html

http://securinghardware.com/

Android M Verified Boot UI changes

~ hucktech ~ Leave a comment

As reported by multiple online news sources, Android is getting some UI changes related to Verified Boot. Quoting Android Police article:

“Google has just added an interesting page to the Nexus support site that lists new operating system safety warnings. According to the page, this is a boot verification system that checks the integrity of your device software during each startup. You probably haven’t seen this on any devices yet, but Android M is right around the corner.”

More Information:
http://www.ibtimes.co.uk/android-m-introduce-googles-new-boot-verification-system-1512937
http://www.androidpolice.com/2015/07/27/google-posts-details-of-user-facing-verified-boot-system-probably-coming-in-android-m/
https://source.android.com/devices/tech/security/verifiedboot/index.html
https://support.google.com/nexus/answer/6185381

AMIDebug

~ hucktech ~ 1 Comment

[UDPATE: comment from a smart reader:
AMIDebug technology is not useful for end users and researchers because it’s support should be specifically compiled in in a special DEBUG build. The AMI DebugRX hardware part is OK to get port 80h codes via USB, mediocre source-level debugging. Intel XDP or Arium-ITP are similar to AMIDebug, both nice products, and don’t require any firmware changes or special build modes.
BTW, I don’t know why Comments don’t show up on blog web site, working on trying to fix that… ]

Earlier this week AMI announced USB3 support for their AMIDebug for UEFI product.

Apparently AMI has 3 versions of this: 1) AMIDebug for UEFI software for Aptio V, 2) the AMIDebug Rx handheld USB debug device, and 3) Aptio V UEFI Firmware from AMI.

Press release excerpts:

American Megatrends, Inc. (AMI), a global leader in BIOS, remote management, network data storage products and solutions for the Android(TM) operating system, is pleased to announce support for USB 3.0 controllers in the latest release of its AMIDebug(TM) for UEFI debugging solution for Aptio(R) V UEFI Firmware.

AMIDebug for UEFI from American Megatrends is a powerful software-based solution for debugging UEFI projects based on Aptio or the UEFI Shell, offering source-level symbolic (C and Assembler) debugging without the need for expensive JTAG hardware debug tools.

The latest AMIDebug for UEFI release, developed specifically for the company’s flagship Aptio V UEFI Firmware, adds support for USB 3.0 debug among other important features. These newly-added features signify a key development in the evolution of this debug software, since many chipsets now only support USB 3.0 (XHCI) and in many cases no longer incorporate older USB standards (EHCI) in their hardware designs, such as the Intel(R) Atom(TM) x5-Z8300 series processors.

What remains unchanged in AMIDebug for UEFI is its ability to facilitate firmware development for AMI OEM and ODM customers in unprecedented ways thanks to its deep integration into the entire UEFI development ecosystem. AMIDebug for UEFI continues to offer standard debugging features like Break, Step, Step Over, Step Into, Step, run to cursor and set next statement, in addition to UEFI-specific debugging features like Stop at Driver Name Entry, Stop at PEIM Name Entry, Stop at CheckPoint, Stop at beginning of PEI/DXE, SMM Debugging and disassembly view. Moreover, many different firmware development viewers are supported including memory, CPU registers, PCI Bus, call stack, I/O and Indirect I/O.

Sigh, I wish these were available for UEFI ISVs and UEFI Security Researchers, not just restricted to AMI’s UEFI OEM/ODMs! I want one. 😦

More Information:

http://www.ami.com/news/press-releases/?PressReleaseID=322&/American%20Megatrends%20Announces%20Support%20for%20USB%203.0%20Controllers%20in%20Aptio%20V%20AMIDebug%20for%20UEFI/
http://www.ami.com/products/bios-uefi-tools-and-utilities/amidebug-rx/
http://www.ami.com/resources/resource-library/?documentationSearch=amidebug

New Android security research

~ hucktech ~ Leave a comment

As reported yesterday by Lucian Armasu in TomsHardware.com, there’s a research paper that talks about security issues of customizing mobile devices:

Security and system architecture: comparison of Android customizations
Roberto Gallo, Patricia Hongo, Ricardo Dahab, Luiz C. Navarro, Henrique Kawakami, Kaio Galvão, Glauber Junqueira, and Luander Ribeiro
“Smartphone manufacturers frequently customize Android distributions so as to create competitive advantages by adding, removing and modifying packages and configurations. In this paper we show that such modifications have deep architectural implications for security. We analysed five different distributions: Google Nexus 4, Google Nexus 5, Sony Z1, Samsung Galaxy S4 and Samsung Galaxy S5, all running OS versions 4.4.X (except for Samsung S4 running version 4.3). Our conclusions indicate that serious security issues such as expanded attack surface and poorer permission control grow sharply with the level of customization.”

https://dl.acm.org/citation.cfm?id=2766519

See the TomsHardware article for some additional comments, beyond the research.

http://www.tomshardware.com/news/customized-android-firmware-security-vulnerabilities,29631.html

(Re: ‘firmware’ use in TomHardware article, I wish there was more granularity for the term ‘firmware’, it is often used to refer to embedded OS code on mobile devices.)

Replicant on mobile device security

~ hucktech ~ Leave a comment

The Replicant project is a Free Software-specific fork of Android, which focuses on users’ freedoms, and privacy/security. They try to get Android running without any firmware- or OS-level “blobs”, which gives them technical perspectives that most don’t have. They have a document which gives a decent introduction to mobile device security, including hardware, firmware, OS, and app issues, and about security issues of mobile baseband chips.. The advice is focused for someone using Replicant, but the app advice is applicable to most Android users.

More Information:

http://www.replicant.us/freedom-privacy-security-issues.php

AMI AMI DuOS: runs Android and Windows, no rebooting

~ hucktech ~ 1 Comment

Today, AMI announced DuOS, aka AMIDuOS, a new OS that runs Windows (v7 or v8) along with Android v5, users are able to use both OSes without rebooting. AMIDuOS is now in Beta for download; it is a commercial product, not open source or freeware: it cost $10 for a lifetime license – with a 30–day free trial. A few excerpts from their press release are below.

“AMIDuOS is a revolutionary new concept that brings the functionality, depth and fun of the Android experience to Microsoft Windows devices. It runs on nearly any Windows 7 or 8 PC or tablet device for fast, easy switching between Windows and Android environments – without the need to dual boot! Usage of AMIDuOS is quite similar to Android device. You just have to download and install, You got your Android device on Windows PC.”

“AMIDuOS runs on any modern Windows Desktops, Laptops, Tablets and 2-in-1 Devices. System requirements: x86 Processor. 32/64-bit of Windows 7/8/8.1. OpenGL 3.0 and above. Hardware Virtualization Technology should be enabled in BIOS. Minimum 3GB of System RAM. Minimum 2GB of Hard disk free space.”

“Now, users have access to the full library of Android apps on their Windows device – running either full-screen or in a window, while retaining the ability to switch over to their traditional Windows apps at any time – with no need to reboot. AMIDuOS is truly the best of both worlds. AMI has utilized its decades of expertise to build hardware acceleration support into the app, and support direct hardware access whenever possible. Emulation is only used when needed – otherwise code runs natively. This, plus 3D acceleration support, means incredible performance so games and video-intensive apps run smoothly and quickly. Since AMIDuOS can access native PC hardware and drivers, apps can take advantage of the touchscreen, sensors, peripherals, GPS, camera and more to deliver a fully immersive Android experience. AMI has tested AMIDuOS with over 4,000 apps and is continually releasing updates to improve compatibility.

“In order to enjoy the full performance of DuOS, Virtualization Technology (VT-x) should be enabled in BIOS. Please ensure that your System supports Virtualization Technology.”

More Information:

http://amiduos.com/support/knowledge-base/article/what-is-duos
http://amiduos.com/support/knowledge-base/article/enabling-virtualization-in-bios
http://www.intel.com/content/www/us/en/virtualization/virtualization-technology/intel-virtualization-technology.html
http://www.ami.com/news/press-releases/?PressReleaseID=315&/American%20Megatrends%20Unwraps%20Lollipop%20-%20Run%20Android%205.0.1%20Apps%20on%20Windows%20Devices%20without%20Compromise/