Android Security: Control Flow Integrity in the Android kernel

October 11, 2018 ~ hucktech ~ Leave a comment

Android Developers Blog:Control Flow Integrity in the Android kernel https://t.co/dbVi2pbCqd via @google

— Thomas Garnier (@mxatone) October 10, 2018

by Sami Tolvanen, Staff Software Engineer, Android Security

Android’s security model is enforced by the Linux kernel, which makes it a tempting target for attackers. We have put a lot of effort into hardening the kernel in previous Android releases and in Android 9, we continued this work by focusing on compiler-based security mitigations against code reuse attacks. Google’s Pixel 3 will be the first Android device to ship with LLVM’s forward-edge Control Flow Integrity (CFI) enforcement in the kernel, and we have made CFI support available in Android kernel versions 4.9 and 4.14. This post describes how kernel CFI works and provides solutions to the most common issues developers might run into when enabling the feature.[…]

https://android-developers.googleblog.com/2018/10/control-flow-integrity-in-android-kernel.html

ChromeBook CampFire?

August 13, 2018 ~ hucktech ~ Leave a comment

Chromebooks may get Apple Boot Camp-like Windows 10 dual boot with "Campfire" https://t.co/jY64vUO9M5 pic.twitter.com/42ujxCgXxo

— XDA (@xdadevelopers) August 12, 2018

https://twitter.com/coolstarorg/status/1028677996578660352

Everything we know about Campfire, Google’s secretive project to get Windows 10 running on Chromebooks.[…]

https://www.xda-developers.com/chromebooks-chrome-os-windows-10-dual-boot-apple-boot-camp-campfire/

Android boot flow and Verified Boot docs updated

August 10, 2018 ~ hucktech ~ Leave a comment

Last week, Google updated the documentation on the Android boot flow and Verified Boot:

https://source.android.com/security/verifiedboot/

https://source.android.com/security/verifiedboot/verified-boot

https://source.android.com/security/verifiedboot/boot-flow

Google seeks Fall Intern for LinuxBoot

August 10, 2018 ~ hucktech ~ Leave a comment

See tweet:

I am looking for a FALL intern to work on @LinuxBootOrg-related boot security projects at Google this year! (~Oct-Dec, Bay Area) Must be in school, at any level (Bachelor's – PhD). DMs are open.

— chris @hugelgupf@hachyderm.io (@hugelgupf) August 8, 2018

zircon-uefi: mirror of the zircon UEFI headers

August 3, 2018August 3, 2018 ~ hucktech ~ Leave a comment

There’s a new mirror of the Google Fuschsia UEFI headers:

https://github.com/no92/zircon-uefi

See-also:

https://fuchsia.googlesource.com/zircon/+/master/docs/ddk/driver-development.md

https://en.wikipedia.org/wiki/Google_Fuchsia

UEFI bootloader for Google Fuchsia

Bloomberg article on Google Fuchsia

July 19, 2018 ~ hucktech ~ Leave a comment

Inside Google’s development of Fuchsia – successor to Android + details on plans, internal skepticism and more. With ⁦@mhbergen⁩ https://t.co/9mgIeHrM8A

— Mark Gurman (@markgurman) July 19, 2018

This story gives some background on Google’s Fuchsia platform.

https://www.bloomberg.com/news/articles/2018-07-19/google-team-is-said-to-plot-android-successor-draw-skepticism

Project ‘Fuchsia’: Google is Quietly Working on a Successor to Android
By Mark Bergen
and Mark Gurman
July 19, 2018, 3:00 AM PDT Updated on July 19, 2018, 8:31 AM PDT

rowhammer-test: Google tool to test for Rowhammer

July 16, 2018 ~ hucktech ~ Leave a comment

This is a 3-year-old tool, I just noticed. it. 😦

Google has created rowhammer-test to help with Rowhammer detection. Currently it works on Linux and Mac on Intel systems.

https://github.com/google/rowhammer-test

There’s also a mailing list for related discussions.

https://groups.google.com/forum/#!forum/rowhammer-discuss

Mitigating Spectre with Site Isolation in Chrome

July 14, 2018July 14, 2018 ~ hucktech ~ Leave a comment

https://t.co/HOFGjNiZf1

— Shawn C – citypw@ioc.exchange (@citypw) July 14, 2018

https://security.googleblog.com/2018/07/mitigating-spectre-with-site-isolation.html

Google Android: Pixel firmware security updates

June 28, 2018 ~ hucktech ~ Leave a comment

[…]To prevent attackers from replacing our firmware with a malicious version, we apply digital signatures. There are two ways for an attacker to defeat the signature checks and install a malicious replacement for firmware: find and exploit vulnerabilities in the signature-checking process or gain access to the signing key and get their malicious version signed so the device will accept it as a legitimate update. The signature-checking software is tiny, isolated, and vetted with extreme thoroughness. Defeating it is hard. The signing keys, however, must exist somewhere, and there must be people who have access to them.[…]

https://security.googleblog.com/2018/06/insider-attack-resistance.html

Chromium: Post-Spectre Threat Model Re-Think

May 30, 2018 ~ hucktech ~ Leave a comment

https://twitter.com/fugueish/status/1001605230583136256

In light of Spectre/Meltdown, we needed to re-think our threat model and defenses for Chrome renderer processes. Spectre is a new class of hardware side-channel attack that affects (among many other targets) web browsers. This document describes the impact of these side-channel attacks and our approach to mitigating them. The upshot of the latest developments is that the folks working on this from the V8 side are increasingly convinced that there is no viable alternative to Site Isolation as a systematic mitigation to SSCAs [speculative side-channel attacks]. In this new mental model, we have to assume that user code can reliably gain access to all data within a renderer process through speculation. This means that we definitely need some sort of ‘privileged/PII data isolation’ guarantees as well, for example ensuring that password and credit card info are not speculatively loaded into a renderer process without user consent. […] In fact, any software that both (a) runs (native or interpreted) code from more than one source; and (b) attempts to create a security boundary inside a single address space, is potentially affected. For example, software that processes document formats with scripting capabilities, and which loads multiple documents from different sources into the same process, may need to take defense measures similar to those described here.[…]

https://chromium.googlesource.com/chromium/src/+/master/docs/security/side-channel-threat-model.md

Android bootloader flow documentation published

May 28, 2018 ~ hucktech ~ Leave a comment

Alex Deymo notes that the Android project has more documentation on their boot process, and posted about it on the U-Boot mailing list:

“Just an FYI, earlier this month the team spent some time polishing and publishing in source.android.com documentation about the flows the bootloader goes through in Android, specially true for stock Android like in Pixels phones or other devices based of recent AOSP versions. This documentation includes the interaction between userspace and the bootloader such as the properties userspace expects when booting A/B devices, the whole A/B flow, the bootloader message in the misc partition (BCB), how they interact with the “recovery mode” in Android and much more.

https://lists.denx.de/pipermail/u-boot/2018-May/329886.html

https://source.android.com/devices/bootloader/

GLitch: a remote Rowhammer exploit on ARM Android devices

May 4, 2018 ~ hucktech ~ Leave a comment

Disclosure process is over folks! Finally we can now share our work /cc @gober @c_giuffrida @herbertbos @vu5sec. Also big thanks to @brainsmoke for helping out with #GLitch https://t.co/vsMUbpJtcx

— Pietro Frigo (@pit_frg) May 3, 2018

What is GLitch?

GLitch is one part of our series of Rowhammer attacks. We started by breaking the EDGE browser and the cloud. Then we moved towards Android devices showing how to root them with bit flips. This time we wanted to show that also mobile phones can be attacked remotely via the browser.
Meet GLitch: the first instance of a remote Rowhammer exploit on ARM Android devices. This makes it possible for an attacker who controls a malicious website to get remote code execution on a smartphone without relying on any software bug.
You want to know what makes this attack even cooler? It is carried out by the GPU. This is the first GPU-accelerated Rowhammer attack.[…]

https://www.vusec.net/projects/glitch/

Google Asylo: SDK for apps that run in TEEs

May 3, 2018 ~ hucktech ~ Leave a comment

Hello from Asylo! We've just announced an open source project with a grand vision to democratize confidential computing via portable and flexible tooling.https://t.co/U2iW2IW3rD

— Asylo Framework (@asylodev) May 3, 2018

Google Asylo is a framework for enclave applications: https://t.co/ILHVFRkFVP

It looks like it has SGX support.

— Steve Weis (@sweis) May 3, 2018

I am proud to announce today how the #gsecurity team is now unveiling @asylodev which is an open-source framework for confidential computinghttps://t.co/Ixf8siSKTa

— David B. Cross 🇺🇦 (@MrDBCross) May 3, 2018

Y'all, I can finally talk about what I've been working on in less cryptic terms. #asylo #gsecurity #opensource https://t.co/evVahf486j

— Abolish police and prisons (@DrDeeGlaze) May 3, 2018

https://twitter.com/qrs/status/992109956659863552

[…]Today we’re excited to announce Asylo (Greek for “safe place”), a new open-source framework that makes it easier to protect the confidentiality and integrity of applications and data in a confidential computing environment. Asylo is an open-source framework and SDK for developing applications that run in trusted execution environments (TEEs). TEEs help defend against attacks targeting underlying layers of the stack, including the operating system, hypervisor, drivers, and firmware, by providing specialized execution environments known as “enclaves”. TEEs can also help mitigate the risk of being compromised by a malicious insider or an unauthorized third-party. Asylo includes features and services for encrypting sensitive communications and verifying the integrity of code running in enclaves, which help protect data and applications.[…]

https://cloudplatform.googleblog.com/2018/05/Introducing-Asylo-an-open-source-framework-for-confidential-computing.html

https://github.com/google/asylo

https://asylo.dev/

How to update Chrome OS firmware to improve security

April 6, 2018 ~ hucktech ~ Leave a comment

How to update Chrome OS firmware to improve security
By Andy Wolber

1. Check Chrome OS firmware version
2. Save settings and files
3. Create Chrome recovery media
4. Update with a Powerwash

Full article:
https://www.techrepublic.com/article/how-to-update-chrome-os-firmware-to-improve-security/

See-also:
https://support.google.com/chromebook/answer/183084
https://support.google.com/chromebook/answer/3296214
https://support.google.com/chrome/a/answer/1360642
https://support.google.com/chromebook/answer/1080595

CNet: How Chromebooks became the go-to laptops for security experts

April 1, 2018April 1, 2018 ~ hucktech ~ Leave a comment

[…]Drewry and Liu focused on four key features for the Chromebook that have been available ever since the first iteration in 2010:
sandboxing,
verified boots,
power washing and
quick updates.
These provided security features that made it much harder for malware to pass through, while providing a quick fix-it button if it ever did. “That’s the fundamental difference between how Chrome OS works and how any other computer at the time worked,” Liu said.[…]

https://www.cnet.com/uk/news/how-google-chromebooks-became-the-go-to-laptop-for-security-experts/

Google introduces Android Enterprise Recommended program

February 22, 2018 ~ hucktech ~ Leave a comment

#AndroidEnterprise Recommended makes it easy to find the best devices and services for your business. Learn more: https://t.co/XrYaEfZBDC pic.twitter.com/tFrsK1yfgy

— Android (@Android) February 21, 2018

Google introduces the Android Enterprise Recommended program to certify smartphones for business use https://t.co/JtdCjPrvX8 pic.twitter.com/NBb7uYOI3u

— XDA (@xdadevelopers) February 21, 2018

https://www.android.com/enterprise/recommended/requirements/

https://www.android.com/enterprise/recommended/

https://androidenterprisepartners.withgoogle.com/#!/results/browse-all/2

new ChromeOS TPM security feature

February 21, 2018 ~ hucktech ~ Leave a comment

https://www.androidpolice.com/2018/02/18/google-releases-optional-security-update-chromebooks-wipes-local-data/

https://www.techrepublic.com/article/chromebook-update-boosts-security-but-wipes-all-data-in-the-process/

TPM Update For Chrome OS: Why And How

https://www.chromium.org/chromium-os/tpm_firmware_update

https://productforums.google.com/forum/#!topic/chromebook-central/eo2HZeDVjr8

https://www.infineon.com/cms/en/product/promopages/tpm-update/

cpu_features: library from Google Compiler Research Team

February 8, 2018 ~ hucktech ~ Leave a comment

https://twitter.com/revskills/status/961322810349105154

[…]Here’s the problem: there’s no way to know a priori which instructions your CPU supports. Identifying the CPU manufacturer isn’t sufficient. For instance, Intel’s Haswell architecture supports the AVX2 instruction set, while Sandy Bridge doesn’t. Some developers resort to desperate measures like reading /proc/cpuinfo to identify the CPU and then consulting hardcoded mappings of CPU IDs to instructions. Enter cpu_features, a small, fast, and simple open source library to report CPU features at runtime. Written in C89 for maximum portability, it allocates no memory and is suitable for implementing fundamental functions and running in sandboxed environments. The library currently supports x86, ARM/AArch64, and MIPS processors, and we’ll be adding to it as the need arises. We also welcome contributions from others interested in making programs “write once, run fast everywhere.”

By Guillaume Chatelet, Google Compiler Research Team

https://opensource.googleblog.com/2018/02/cpu-features-library.html

https://github.com/google/cpu_features

Replace your exploit-firmware with Linux: video available

October 29, 2017 ~ hucktech ~ Leave a comment

https://twitter.com/qrs/status/924704712896712704

Re: https://firmwaresecurity.com/2017/10/27/google-wants-servers-without-intel-me-and-uefi/

Video of presentation is available:

Google wants servers without Intel ME and UEFI

October 27, 2017 ~ hucktech ~ 2 Comments

Golem has a story about the recent Google presentation at OSSEU2017:

From Google Translation of German text:

Google wants servers without Intel ME and UEFI
by Sebastian Grüner
According to the motto “Are you afraid?” a team of Google’s coreboot developers is working with colleagues to make Intel’s ME and the proprietary UEFI harmless in servers. And probably with success.[…]

Click to access Replace%20UEFI%20with%20Linux.pdf

https://www.golem.de/news/freie-linux-firmware-google-will-server-ohne-intel-me-und-uefi-1710-130840.html

https://osseu17.sched.com/event/ByYt/replace-your-exploit-ridden-firmware-with-linux-ronald-minnich-google

Ronald Minnich auf dem Open Source Summit in Prag

Maybe I missed it, but I didn’t see the video of this presentation archived.