Android Cellphones Government Handhelds Security Linux

NSA Releases Security-Enhanced Android

Posted by timothy
from the but-don't-worry dept.
An anonymous reader writes with the recent news that, in line with its goal to provide secure phones to government employees in various domains, "The NSA has released a set of security enhancements to Android. These appear to be based on SELinux, which was also originally created by the NSA."
  • Another platform, more backdoors?

    • by pushing-robot (1037830) on Friday January 13, 2012 @10:27PM (#38694490)

      One source said it has twice as many backdoors as SELinux. Another source said ten times as many.

      I think they're both correct.

      • by Feyshtey (1523799)
        Probably true, .. but source?
        • by cduffy (652)

          *sigh*. Think about it for a moment. For which values of x is it true that 2x == 10x?

      • by Nerdfest (867930)
        I'm just amazed to see an Android story without a first post by Bonch or one of his ilk.
      • by Anonymous Coward

        One source said it has twice as many backdoors as SELinux. Another source said ten times as many.

        I think they're both correct.

        Wait, if it has both twice as many backdoors as SELinux and ten times as many, wouldn't that imply both have zero backdoors?

    • by Baloroth (2370816) on Friday January 13, 2012 @10:32PM (#38694520)

      SELinux Android is OSS, same as SELinux. Look at the code yourself if you are convinced there are backdoors. That is part of the point of OSS after all.

      • by mathimus1863 (1120437) on Saturday January 14, 2012 @12:18AM (#38695036)
        Have you ever heard of the Underhanded C Contest [xcott.com]? You get points for making the code exhibit some kind of backdoor, extra points for the more it looks like it could've been an innocent mistake (for instance, code where using a less-than-or-equal-to operator instead of less-than operator actually opens up an obscure security hole, and it's a mistake programmers make all the time).

        I recommend you look at some of the examples of winning entries. It's amazing what these people have come up with. No number of eyes will find it. Simply put, even if it's a popular open-source project, thousands of eyes are likely to miss a well-placed backdoor like these. And if anyone is capable of doing it, the NSA certainly is.

        Still don't believe me? How about the OpenSSH PRNG flaw [cyberciti.biz] that went unnoticed for two years, despite being used in servers all over the world. It was due to someone removing what appeared to be a useless line of code, but that code was actually adding some necessary extra entropy to the random number generator. It might've been an accident, or malicious. But the point is it happened, and on a high-profile project.
        • by Darkness404 (1287218) on Saturday January 14, 2012 @12:48AM (#38695182)
          You can't be 100% secure, 100% of the time. There will /always/ be a weak link. Be it a backdoor or a security flaw. The goal is to manage your risks. Using security enhanced Android (after about a good month for security researchers to look at the code) is unlikely to introduce any more government-imposed security risks than simply being in the US and its tyrannical laws (PATRIOT Act, CALEA, etc.). Chances are, SEA is going to be more secure than the patched together stock Android system.

          Of course they can hide a backdoor in it. But why bother when they already have nearly unlimited powers due to the PATRIOT act, have many corporations that will bend over backwards for the police state, and laws like CALEA.
        • by Anonymous Coward on Saturday January 14, 2012 @12:56AM (#38695216)

          Capable? Yes. The NSA hires geniuses. But so do foreign nations, various companies, and universities. If we're going to indulge in an encomium of the extraordinary competence of the NSA, though, the most honest praise would be for an NSA imagined as most likely trying to provide genuine security with this effort, not backdoors, which open up the possibility of breaches or discovery.

          Consider the NSA's purpose in making a secure version of Android: it's a system built by geniuses to be operated, in the end, by idiots, who are targeted for attack by other geniuses. From the NSA's perspective, there are two opponents: the brilliant Enemy and the Friendly moron. Leaving a backdoor, however well-obfuscated, provides the brilliant Enemy with an avenue for taking advantage of the Friendly moron who violates security procedures for his ill-conceived convenience. Backdoors allow breaches, and the NSA has to be smart enough to know that there are enough geniuses out there working for the other side(s) to find one and exploit it.

          Consider also the fallout if a backdoor were to be discovered in the NSA's source code. Geniuses will be reading this code, if for no other reason than because it demonstrates the NSA's thinking. If someone found a backdoor and, instead of exploiting it or selling it to exploiters, decided to publicize it as an example of a purposeful NSA backdoor, the NSA would lose immense credibility. What kind of turf and funding wars would they face then, if the rest of the government agencies lost trust in them? Would the much-vaunted geniuses of the NSA consider that risk acceptable?

          It's in the NSA's interest not to introduce even well-obfuscated backdoors in this product. It is in their interest to have such facilities available in consumer-grade products and exports, and God only knows what's baked into the phone companies' customized builds that they've compiled and installed onto a consumer-grade phone. It is not, however, useful to them to have such access in source code that is publicly available to be read by people looking for problems or compiled by people smart enough to know what they're doing.

          If the NSA really is as smart as we'd all like to believe, they'll make this an honest, open, secure product without backdoors or traps. They'll make a product that will solidify their place in the government funding arena as the authority in hardened security.

          • by justforgetme (1814588) on Saturday January 14, 2012 @05:02AM (#38695974) Homepage

            While mainly correct, your proposition ignores the fact that in programming you have a lot of plausible deniability in form of the programming mistake. A wrongly placed comparison or wrongly compiled regexp can have huge side effects while looking like little mistypes even a good albeit tired dev would make. Now think that by implanting such a small discrepancy into a big project you could do very many things without being ever detected. Also the side effects of such a behavior are very difficult to follow in a big project making the possibilities of it being forcibly discovered ridiculous since you would have to follow every reroute into oblivion before being sure there are not deliberate side effects.

            • by julesh (229690)

              your proposition ignores the fact that in programming you have a lot of plausible deniability in form of the programming mistake

              You do. I do. The NSA don't. Seriously -- if you heard there was a "bug" in NSA-provided code that effectively allowed back door access to people's phones, would you consider for more than a couple of seconds the possibility that it was accidental?

              • You kind of have to at least acknowledge the fact that somebody could just have screwed up, it still is just "sacks of mostly water" that write those programs. That, of course, if you aren't pathologically paranoid.

          • by IAmR007 (2539972)
            The NSA develops things like SELinux for its own use, not out of charity. Putting an intentional flaw in SELinux would open up back doors into their systems as well. Something tells me an intelligence agency wouldn't allow anyone clever enough to spot their flaw to access their systems, which might contain classified information.
            • by swalve (1980968)
              I agree. I think they are more worried about keeping their shit secret than they are getting into other people's stuff.
        • BTW the UCC hasn't been updated in two years? The last contest post is from early 2010 and there is no winners announcement.

        • by arose (644256)
          If you are afraid of the NSA planting that kind of backdoor, then why would you be concerned about the obvious source (NSA code contributions), one that sees minority usage and extra scrutiny from security folks (being security code) no less? The smart way is to plant an individual into the dev community of a universally, gain trust, then plant it through them.
        • by evilviper (135110)

          Still don't believe me? How about the OpenSSH PRNG flaw that went unnoticed for two years, despite being used in servers all over the world.

          No such thing... You probably meant OpenSSL, but I doubt a typo made you omit the fact that this was ONLY in the Debian packages of it, and worse, they were warned the patch was a terrible idea and ignored the advice.

  • by TeddyR (4176) on Friday January 13, 2012 @10:21PM (#38694450) Homepage Journal

    The question is what backdoors have they placed on it. Is it secure from themselves (NSA) and other three letter agencies?

    • by chill (34294) on Friday January 13, 2012 @10:32PM (#38694522) Journal

      Considering Android was pretty much swiss cheese to begin with, you'd have to wonder why they'd bother.

      And the risk involved in doing something like that and releasing it all as source code makes even less sense.

      No, I think the simple truth is the NSA realizes that being secure is hard work. Even people whose lives depend on it get it wrong. The average schmoe hardening up their smartphone is still going to fall prey to an easily shoulder-surfed password. Or the XKCD $5 wrench. Or all of the data that goes thru the boot-licking telecom companies. Or... or...

      No, this is probably the real deal. The NSA guys hate Blackberries as much as the rest of us and are looking for approved replacements.

      • And the risk involved in doing something like that and releasing it all as source code makes even less sense.

        If you believe in security through obscurity, then yes that would make no sense to you.

    • by Anonymous Coward on Friday January 13, 2012 @10:37PM (#38694560)

      NSA is made up of two sections; one does cryptanalysis (i.e. signals intelligence), the other provides cryptographic help for the government (and the public), often being at the cutting edge of cryptographic research.

      SHA1 and SHA2 were NSA designed; do you trust those?

      In any case it's open source (info page is here: http://selinuxproject.org/page/SEAndroid . currently down; use google cache)

      • by Sycraft-fu (314770) on Friday January 13, 2012 @11:13PM (#38694760)

        Take a look at DES. There was a big to-do about the NSA "messing" with the S-boxes in DES. People conspiracy theoried that they had weakened it so they could crack it. Nobody at the NSA or IBM (who made DES) would say anything about it. Then, in 1990, differential cryptanalysis was discovered by public researchers and it turned out the DES S-boxes were way more resilient to it than had they been random. Turns out IBM and the NSA knew about it back in the 70s, but the NSA asked IBM to keep a lid on it. The NSA's changes made DES more resilient.

        Time has borne it out too. DES is decades old now and there has been no magic break in it discovered, no "backdoor" that would let people in, it is just too short a key to be useful anymore.

        Along those lines, the NSA has signed off on AES (which was originally developed in Finland) as an approved standard to be used for classified data and said that AES is good security for the commercial world (which was the point of the AES standard). Again, time seems to bear them out on that, it is the most analyzed cryptosystem out there, and nobody has found any "backdoor" in it.

        While there's no doubt the NSA takes their signals intelligence mission seriously, they seem to take their security mission seriously too. Their track record so far is excellent. Everything they've released has stood the test of time.

        Now I suppose it is possible in theory that they are so far advanced of everyone else, and so arrogantly confident in their superiority, that they have hidden "backdoors" they figure nobody will ever notice... However if they really were that much better, would they need to?

        • Yep, I mean, after all, the police state has many other avenues to control the citizens, spying via a backdoor hidden in an OSS project is unlikely. Through corporations who are willing to bend over backwards to further the spread of tyranny, through totalitarian laws like the PATRIOT act and CALEA the government has many more legal (and more PR friendly) ways of spying on citizens. Making a backdoor in an open source security program if discovered would be nothing short of an embarrassment. However, by cal
        • AES Finland? (Score:3, Informative)

          by Anonymous Coward

          No Sir, you must be joking. AES, i.e. Rijndael, comes from Belgium.

          AES [wikipedia.org]

        • by IAmR007 (2539972)
          Yeah, why break something that you are going to use, especially when your security requirements are far higher than an average user.
    • I'm guessing this is more related to the fact that the military is looking into using tablets and other such consumer devices in the field. (See previous /. articles for reference. I'm too lazy to find links to them myself.)
    • by thegarbz (1787294)

      Check the source code and let us know. Kinda hard to place a back door in OSS isn't it.

  • by Anonymous Coward
    These are manufactured in China. As long as that occurs, nothing about these can be secured. The west, if not the USA, should require that phones be produced in the west, using western components. After all, Chinese gov. is bright enough to do the same. They refuse phones that do not have parts PHYSICALLY produced in their nation. Of course, they are in a cold war with the west, so it makes sense for their actions.
  • It's funny (Score:4, Insightful)

    by Anonymous Coward on Saturday January 14, 2012 @07:54AM (#38696426)
    Having gone through the comments here, to read the distrust of the NSA. To be honest, that is good.
    Yet, for a number of you, you will trust the physical hardware is OK coming in from China. Why on god's green earth, would you trust China, a nation that has more spies running around the world, esp. in the west, than does America, while screaming that America has planted a backdoor in open code?
  • many times I read the title and think of something very different, this time it was 'enhanced android', must be a fembot! from Austin Powers.

  • SELinux was the only way the US government could reach the linux kernel and implement an obfuscated backdoor worldwide. What is a difference between a bug or backdoor? From inside the source code they are the same.
  • Anything that removes potential security flaws from Android is a double edged sword. It's many of those flaws that allow us to get root and install custom roms.
