Tuesday, November 29, 2016

Android a few years behind iOS in terms of security – even … – dobreprogramy

A recent statement by Adrian Ludwig, head of Android security, that the new Google Pixel smartphones with Android 7.1 are as resistant to attacks as the latest iPhones has not gone unnoticed. Recall: Ludwig believes that for almost all types of threats, Android and iOS are almost identical in terms of platform security. But is that really so? The statement provoked Matthew Green, a well-known cryptographer from Johns Hopkins University, who quickly pointed out the fundamental problem with Google's security, one that leaves it years behind iOS where safety is concerned.

The main problem with Android devices, according to Green, is that they are treated like PCs even though they are not PCs. Since Android 4.4 KitKat, Google's mobile system has used encryption almost the same as desktop Linux. It is based on dm-crypt, the kernel's cryptographic subsystem. This solution is perfect, but is it appropriate for a smartphone? The problem is that full-disk encryption protects the data on your smartphone… when it is switched off. When the device is on and the decryption keys are in memory, the encryption does not protect it.

Most users of mobile devices almost never switch them off. The devices are designed to move smoothly between power-saving states and bursts of activity, in the name of extending battery life. Today's good smartphones can thus work for a few days, 2-3 days, and when the charge level becomes low, the user simply plugs them into a charger. Smartphone uptime may be as much as months.

Is full-disk encryption adequate for devices that work this way? Green answers "no", and it is hard to disagree with him. Computer users who care about their privacy simply switch their machines off, confident that full-disk encryption makes the data inaccessible to third parties. Smartphones, however, we carry around all the time, switched on. When a smartphone is lost, or taken from us by force, the attacker gets a device with the key still in memory and full access to the data. dm-crypt does nothing in this case.

Apple has gone a completely different way. Since iOS 4, the mobile OS from Cupertino has included a Data Protection mechanism that encrypts data stored on the device. Knowing how mobile devices are actually used, however, Apple chose to encrypt files, each of them separately. The contents of each file are encrypted with a unique key (file metadata is encrypted separately), and these unique keys are in turn encrypted with one of the protection class keys, derived from the user's password and from data stored in the hardware of the device's processor.

Apple thus provides precise control over access to files in iOS. Developers have access to a programming interface that lets them specify which protection class key should be used to protect a file. In this way it is possible to create files that are always available, even after a device reboot and before the user has entered a password; files that are protected until the user first logs in to the system; and, most importantly, files that are protected all the time: they are decrypted only while the device is unlocked. After the device is locked again, the key is removed from the device's memory.
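A simplified model of the key hierarchy described in the two paragraphs above, added here as an illustration; it is not Apple's code. The `Device` class, the three class names and the HMAC-based stand-in cipher are assumptions chosen so the example runs on the Python standard library alone.

```python
import hashlib, hmac, os

def xor_stream(key, nonce, data):
    """Stand-in cipher: HMAC-SHA256 keystream (a real device would use AES)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class Device:
    def __init__(self, passcode):
        self._hw_secret = os.urandom(32)   # models the secret held in the processor
        self._files = {}                   # name -> (class, nonce, wrapped key, ciphertext)
        self._verifier = hashlib.sha256(self._class_key("while_unlocked", passcode)).digest()
        self.boot()

    def _class_key(self, cls, passcode=""):
        # Every class key depends on the hardware secret; protected classes also on the passcode.
        secret = passcode.encode() if cls != "always" else b""
        return hashlib.pbkdf2_hmac("sha256", secret + cls.encode(), self._hw_secret, 10_000)

    def boot(self):
        # After a reboot only the hardware-derived class key is in memory.
        self.keys_in_memory = {"always": self._class_key("always")}

    def unlock(self, passcode):
        candidate = self._class_key("while_unlocked", passcode)
        if not hmac.compare_digest(hashlib.sha256(candidate).digest(), self._verifier):
            return False
        self.keys_in_memory["while_unlocked"] = candidate
        self.keys_in_memory["after_first_unlock"] = self._class_key("after_first_unlock", passcode)
        return True

    def lock(self):
        # Locking evicts only the key of the "protected all the time" class.
        self.keys_in_memory.pop("while_unlocked", None)

    def write(self, name, data, cls):
        file_key, nonce = os.urandom(32), os.urandom(16)   # unique key per file
        wrapped = xor_stream(self.keys_in_memory[cls], nonce, file_key)
        self._files[name] = (cls, nonce, wrapped, xor_stream(file_key, nonce, data))

    def read(self, name):
        cls, nonce, wrapped, blob = self._files[name]
        if cls not in self.keys_in_memory:
            raise PermissionError(f"{name}: class key '{cls}' is not in memory")
        file_key = xor_stream(self.keys_in_memory[cls], nonce, wrapped)
        return xor_stream(file_key, nonce, blob)
```

A full-disk scheme corresponds to a single key that `lock()` never evicts, which is why every file stays readable on a locked but running device.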

In Android 7 Google improved its strategy. The new model, Direct Boot, offers two encryption contexts. The first is device encrypted storage (these files are not encrypted with the user's password, or rather are encrypted only with data held by the hardware, so they are available immediately after boot and before the user logs in); the second is credential encrypted storage, whose files are available only after the user's password has been entered. An advantage of Direct Boot is supposed to be that different encryption contexts can be used for different users of the smartphone, although it is not entirely clear why anyone would want that, since a smartphone is rather a single-user device.

Despite these changes, Android 7 does not offer the security that iOS 10 does by removing from memory the keys to fully protected files. In theory it would be possible to write applications that way, but, as Green notes, there is no clear method of telling an application that Android has been locked again. Even system apps would not know when their access to files had suddenly been cut off, and would get errors. What's more, Android 7 does not even try to actually remove the keys from memory after the device is locked. In the ext4 file system code you can see that the function meant to remove them from the kernel keyring has not been written yet!

Matthew Green notes in the end that this weakness of Android is not really related to cryptography. It is a problem of system architecture and of the lack of proper guidelines for programmers. By continuing in this direction, Google dooms Android to being insecure for many years. A great move, especially today, when authorities in many countries are looking for legal solutions that would let them break into citizens' devices without restriction. Perhaps Mr Adrian Ludwig does not consider that a significant threat?
