Uncategorized

Chromium: Post-Spectre Threat Model Re-Think

In light of Spectre/Meltdown, we needed to re-think our threat model and defenses for Chrome renderer processes. Spectre is a new class of hardware side-channel attack that affects (among many other targets) web browsers. This document describes the impact of these side-channel attacks and our approach to mitigating them. The upshot of the latest developments is that the folks working on this from the V8 side are increasingly convinced that there is no viable alternative to Site Isolation as a systematic mitigation to SSCAs [speculative side-channel attacks]. In this new mental model, we have to assume that user code can reliably gain access to all data within a renderer process through speculation. This means that we definitely need some sort of ‘privileged/PII data isolation’ guarantees as well, for example ensuring that password and credit card info are not speculatively loaded into a renderer process without user consent. […] In fact, any software that both (a) runs (native or interpreted) code from more than one source; and (b) attempts to create a security boundary inside a single address space, is potentially affected. For example, software that processes document formats with scripting capabilities, and which loads multiple documents from different sources into the same process, may need to take defense measures similar to those described here.[…]

https://chromium.googlesource.com/chromium/src/+/master/docs/security/side-channel-threat-model.md

 

Standard
Uncategorized

Android bootloader flow documentation published

Alex Deymo notes that the Android project has more documentation on their boot process, and posted about it on the U-Boot mailing list:

“Just an FYI, earlier this month the team spent some time polishing and publishing in source.android.com documentation about the flows the bootloader goes through in Android, specially true for stock Android like in Pixels phones or other devices based of recent AOSP versions. This documentation includes the interaction between userspace and the bootloader such as the properties userspace expects when booting A/B devices, the whole A/B flow, the bootloader message in the misc partition (BCB), how they interact with the “recovery mode” in Android and much more.

https://lists.denx.de/pipermail/u-boot/2018-May/329886.html

https://source.android.com/devices/bootloader/

Standard
Uncategorized

GLitch: a remote Rowhammer exploit on ARM Android devices

What is GLitch?

GLitch is one part of our series of Rowhammer attacks. We started by breaking the EDGE browser and the cloud. Then we moved towards Android devices showing how to root them with bit flips. This time we wanted to show that also mobile phones can be attacked remotely via the browser.
Meet GLitch: the first instance of a remote Rowhammer exploit on ARM Android devices. This makes it possible for an attacker who controls a malicious website to get remote code execution on a smartphone without relying on any software bug.
You want to know what makes this attack even cooler? It is carried out by the GPU. This is the first GPU-accelerated Rowhammer attack.[…]

https://www.vusec.net/projects/glitch/

 

Standard
Uncategorized

Google Asylo: SDK for apps that run in TEEs

[…]Today we’re excited to announce Asylo (Greek for “safe place”), a new open-source framework that makes it easier to protect the confidentiality and integrity of applications and data in a confidential computing environment. Asylo is an open-source framework and SDK for developing applications that run in trusted execution environments (TEEs). TEEs help defend against attacks targeting underlying layers of the stack, including the operating system, hypervisor, drivers, and firmware, by providing specialized execution environments known as “enclaves”. TEEs can also help mitigate the risk of being compromised by a malicious insider or an unauthorized third-party. Asylo includes features and services for encrypting sensitive communications and verifying the integrity of code running in enclaves, which help protect data and applications.[…]

https://cloudplatform.googleblog.com/2018/05/Introducing-Asylo-an-open-source-framework-for-confidential-computing.html

https://github.com/google/asylo

https://asylo.dev/

Standard
Uncategorized

How to update Chrome OS firmware to improve security

How to update Chrome OS firmware to improve security
By Andy Wolber

1. Check Chrome OS firmware version
2. Save settings and files
3. Create Chrome recovery media
4. Update with a Powerwash

Full article:
https://www.techrepublic.com/article/how-to-update-chrome-os-firmware-to-improve-security/

 

See-also:
https://support.google.com/chromebook/answer/183084
https://support.google.com/chromebook/answer/3296214
https://support.google.com/chrome/a/answer/1360642
https://support.google.com/chromebook/answer/1080595

Standard
Uncategorized

CNet: How Chromebooks became the go-to laptops for security experts

[…]Drewry and Liu focused on four key features for the Chromebook that have been available ever since the first iteration in 2010:
sandboxing,
verified boots,
power washing and
quick updates.
These provided security features that made it much harder for malware to pass through, while providing a quick fix-it button if it ever did. “That’s the fundamental difference between how Chrome OS works and how any other computer at the time worked,” Liu said.[…]

https://www.cnet.com/uk/news/how-google-chromebooks-became-the-go-to-laptop-for-security-experts/

 

Standard
Uncategorized

Google introduces Android Enterprise Recommended program

https://www.android.com/enterprise/recommended/requirements/

https://www.android.com/enterprise/recommended/

https://androidenterprisepartners.withgoogle.com/#!/results/browse-all/2

Standard