back to article NSA constructs hardened Android, unleashes it on world

The US Defense Department's The National Security Agency (NSA) has released a security-hardened version of Google's mobile OS, Android. The spook-enhanced build of the operating system was released last week and is based on SELinux, also created by the National Security Agency. The inaugural release of the SE Android project …

COMMENTS

This topic is closed for new posts.
  1. NoneSuch Silver badge
    Thumb Down

    Sorry I will pass on that, just like I pass on all US government approved encryption as well.

    Instead of having the NSA design your communications hardware just CC all of your emails, texts and web browsing habits to fbi.gov. The end result is the same.

    1. TeeCee Gold badge
      Thumb Up

      Whilst I have to admire the kneejerk tinfoil-hattery in that, the fact that this is distributed as source code makes it entirely possible to prove the existance of any nefarious goings on and remove them.

      So if they had done this it would be utterly pointless and regardless of their other failings, as I doubt they're as thick as pigshit they almost certainly haven't.

      What's most useful is that some or many of the security enhancements here could end up being merged back into the core product, providing a better product for all. Well done those spooks!

      1. ~mico
        Black Helicopters

        Excessive confidence.

        Properly constructed and well-engineered back door will not necessarily be visible from reading source code. What do you expect to find, after all? "if(strcmp(username,"NSA")==0)" ?

        A well-engineered back door will hide somewhere among bugs and invalid pointers, launched by carefully constructed buffer overflows, somewhere in totally unrelated piece of code, potentially even an app, and not part of the kernel. Google Maps anyone? Or even deeper, in carefully chosen encryption algorithms, or even in a graphics file, like skin of the button in your phone dialer.

        1. Blitterbug
          Happy

          re: Excessive Confidence

          if (!strcmp(username, "NSA")) {

          }

          FTFY!

          1. Anonymous Coward
            Anonymous Coward

            Perspective

            People, please. For the record SELinux has been part of the main linux kernel tree for _years_ and has been gone through with the proverbial fine toothed comb. If you think SELinux has a backdoor then you're saying all linux kernel versions since 2.6 that it was integrated have a backdoor.

            Nevermind that the NSA are not even involved in maintaining it anymore, since it was added to mainline.

            And anyway, SELinux is an implentation of a mandatory access control architecture, it doesnt even touch any parts of linux that _could_ be used to make a backdoor.

            Be paranoid but at least base the paranoia on some element of truth.

      2. Anonymous Coward
        Anonymous Coward

        @ TeeCee

        Then again, what toolchain are they using to compile the released binaries?

        This discussion has been round before. Source code is all well and good, but the compiler can be made to put anything they want in the compiled binaries.

        I'm just sayin', I won't be downloading any of their binaries. Also the source for the toolchain needs to be looked over very carefully. I just don't trust spooks, after all think about the kind of stuff they must do day in and day out.

        1. Anonymous Coward
          Anonymous Coward

          For those stating that the NSA don't work on the SELinux code any more, how do you know? They wouldn't exactly be writing labelled comments would they. I believe it is standard practice for such agencies to use small companies and "independent consultants" to perform such deniable actions. As others have stated, how do you know that a discovered "vulnerability" wasn't put there deliberately?

      3. Anonymous Coward
        Anonymous Coward

        Can't the NSA use special invisible ink code for the dodgy bits? Probably some kind of special character set embedded in the upper planes of Unicode with no visible glyphs. I expect. Posting anonymously as I've rumbled them.

        1. Anonymous Coward
          Anonymous Coward

          "Can't the NSA use special invisible ink code for the dodgy bits"

          Surely you sanitize all your source code by boiling for an hour before use ?

    2. Anonymous Coward
      Anonymous Coward

      nonesuch - you have absolutely no idea what selinux is - please know what you're talking about before broadcasting your ignorance!

      1. E 2

        I however do have some idea what SELinux is!

        SELinux is the most irritating ill-conceived implementation of ACL & Role based security ever foisted on the world.

        It can be done better, it can have a better UI, it could have reasonable defaults in the standard Linux distros that enable it by defaults.

        If I want nag boxes popping up everytime I touch the file system then I will use Windows 7, FFS!

        1. Anonymous Coward
          Anonymous Coward

          It's not rocket science for real world use in more recent distros. If you want to put your files outside of the approved file structure you just add your files to the selinux acl list. The man pages help you basically cut and paste the fixes anyway...

    3. FreeTard
      Facepalm

      mate

      The source code is released, so if your so paranoid just go through it yourself and roll your own.

      Its not like they only provide compiled binaries without the sauce.

      SElinux is a good thing. I use it on every laptop I own. AFAIR it was developed by the NSA in the first place, but every distribution provides it as an option or enabled by default in redhat distros.

      1. Alan_Peery
        Boffin

        SELinux -- inventors and history

        I've not been entirely sure who invented it. The first time I encountered something like it was back in 1996 when I was working for Tivoli Systems -- and we were wrapping what had been a low level Unix sysadmin tool into a more consumable product. This doc (http://publib.boulder.ibm.com/tividd/td/SEO/seos/en_US/PDF/seos.pdf) covers the initial attempt to do so, which was then replaced with a second incarnation where an attempt to wrap a proper GUI and full-scale deployment architecture was added.

        The simplest description of SEOS is that all kernel level systems calls were intercepted, and the effects of the system call analysed against a set of security criteria, before being allowed to proceed. Very much like the security contexts presently in SELinux.

    4. nexsphil
      WTF?

      wow! rent-a-trolls out in force today

      NoneSuch - your point is valid.

      Detractors - you're either incredibly naive or 'otherwise motivated'. The source code release is worthless, because it could well contain a well-concealed backdoor accessible only to the originators, which comes complete with convenient plausible deniability. Also, any external dependency referenced in the code that does not also have sources supplied could also represent data gathering functions.

      Furthermore, determining that US government agencies doing bad things is *impossible* and that anyone suggesting otherwise is an insane tinfoil-hat wearer, is stupidity taken to dangerous and saddening levels. Good luck explaining that little contemporary embarrassment to your grandkids. I personally wouldn't schedule it anywhere near a telling of 'the emperor's new clothes'. Pro tip there.

      1. nexsphil

        oops!

        Replace the word 'backdoor' with 'vulnerability' and it makes sense. ;)

      2. Joe Montana
        WTF?

        Source code

        While having the sourcecode doesn't make it impossible for a backdoor to be hidden, most likely in the form of a deeply buried security vulnerability making it more deniable...

        Having the sourcecode is nonetheless an improvement over not having it, and therefore relying on binaries instead.

        The world is full of compromises...

        A car with airbags, abs, roll bars etc may be safer than one without, but its still possible to crash and die...

        Having the sourcecode is better than not having it, obviously its not as safe as writing your own code from scratch on hardware you also designed and built yourself, but it's the best option that's practical and affordable.

        1. Tom 13
          Black Helicopters

          Actually, if you write your own code from scratch

          on hardware you've personally designed and built, you are more likely to have a bug than if you use binaries downloaded from a warez site. You've spread yourself too thin and have no one to look for bugs in your stuff. Open source has lots of eyes.

          And keep in mind that since the NSA are releasing the source code, the KGB, Mossad, MIx and all the rest of the spook agencies out there get to look at it too. Assuming NSA introduced a bug, one of those agencies can find it. That agency might decide it's more worthwhile to just use the bug themselves, or they might decide to release a fix, but either way the NSA is itself now at risk as well. Granted the NSA might be using devices that have a fixed applied, but their targets still don't, and if you know where the bug is you can monitor for the targets, and knowing who/where the targets are in and of itself provides a spook with useful information.

          I need to get back to my day job now. Thinking even a little like a spook makes me dizzy.

    5. Craigness

      Email the FBI?

      You mean like this guy?

      http://www.ted.com/talks/hasan_elahi.html

  2. Anonymous Coward
    Anonymous Coward

    Secure

    but with added Back Orifice

  3. Anonymous Coward
    Anonymous Coward

    Beware of spook outfits bearing gifts

  4. Ralph B
    Big Brother

    Totally Secure

    > if you don't know what you are doing you might even end up with a bricked smartphone

    So, then it's even secure against Mitnick-style social engineering attacks. Impressive.

    1. Basic
      Thumb Up

      Bravo

      'nuff said

  5. b166er

    Better the devil you know lol

  6. Anonymous Coward
    Anonymous Coward

    Free

    Now with free backdoors!

  7. Anonymous Coward
    Anonymous Coward

    Android

    I am still looking for an Android with remote wipe, local encryption, openvpn client

    1. Craigness

      Looking where?

      Lookout has a remote wipe app, and there are others, such as HTC's built-in offering. You can install Lookout's after your phone gets lost or stolen.

      Honeycomb has local encryption so presumably the Galaxy Nexus has it too.

      OpenVPN is available for Android but you might need root.

    2. Mark Honman

      Autowipe

      Free remote wipe for Android 2.2 onwards. Also provides for wipe on SIM change, wipe on excessive "password" attempts.

      As the other poster says, OpenVPN is at least in progress so AFAIK the only missing ingredient is local encryption.

    3. KjetilS

      Samsung Galaxy S2 has remote tracking/wipe/lock/etc. built in.

      Doesn't have local encryption, but there is probably an app for that™

      Perhaps TrueCrypt does what you want

      There are quite a few apps for openvpn, but you need to root it first (not difficult, there is a one-click option available)

  8. Gordon 10

    Any reason

    The NSA should be pissing your hard earned tax dollars up the wall on this project?

    Unless the object is to secure Android for formal government use (even then why?) then this is a waste of time and money.

    1. PyLETS
      Linux

      NSA and US taxes

      The NSA doesn't spend mine. The reason they spend US taxpayers' money on this is because they have a responsibility to secure US government systems. That has to include the mobile communications of US government employees, especially those working in sensitive areas. When Linux started being used as a server OS within the US government the NSA realised that securing these systems both legally for the purpose of distributing more secure versions and in the most cost effective manner meant playing within the terms of the GPL license, so they did this by releasing source for SELinux to the wider Linux community. This source release appears to be more of the same. The NSA are also smart enough to know that they can't do all the software integration work in-house to the same standard as if they involve other interested parties.

  9. Anonymous Coward
    Anonymous Coward

    My experiences with selinux...

    ... can be summed up as: Notice weird shit not working, fool around a lot to no avail, finally disable selinux, and all is well again. This was using fedora, and maybe the nsa installing the thing themselves will automagically make it all work properly, I'm sure, but anyhow.

    The trouble is always that the only reward you get for making it work properly is at best an unnoticeably slight hit in performance, but the price is that things stop working properly for no good reason until you get it to work just so. This, unfortunately, is inherent in this sort of thing.

  10. SirDigalot
    Joke

    also comes with...

    a free hammer and a small pot of thermite, (data security) and a couple of cyanide capsules (in case you are captured) a couple of throwing stars, a small sheet of tinfoil, and the cool map application that lets you zoom in and say "enhance"

  11. John Latham

    Tinfoil hats pointed in the wrong direction

    If the NSA is going to stick a backdoor into anything, it'll be something closed source that people DO trust, like iOS, some bit of Android that Google "haven't got around to releasing yet", or the operator versions of Android that are deployed OTA.

    Sure there may be exploitable vulnerabilities in the NSA version (whether known to them or not), but that is a tractable problem since the source is open for analysis.

  12. ratfox
    Angel

    Released the code?

    Lawsuit coming from Oracle in 3... 2... 1...

  13. Ian Johnston Silver badge
    Alert

    But does it have

    mutation strings?

  14. E 2

    Seriously?

    The NSA, USA's premier signals intelligence organization, wants to install code on my phone to make it more secure?

    I'd rather have a farm of satellite dishes, me!

  15. Steven Roper
    Facepalm

    Please hack me

    Boasting about how secure an OS is, is really baiting the bull. I can see every hacker, cracker and two-bit script kiddie doing their utmost to compromise this "hardened" Android simply for the challenge of putting one up the NSA. And since what man can make, man can break, I give it a matter of weeks before someone demonstrates an exploit that blows it wide open!

    1. PyLETS
      Linux

      That's exactly what the NSA want you to do

      'I can see every hacker, cracker and two-bit script kiddie doing their utmost to compromise this "hardened" Android simply for the challenge of putting one up the NSA.'

      But this isn't "putting one up to the NSA", it's helping them test their system. An untested system is insecure, and systems these days are far too complex for their developers to be able to do full testing. We don't have fully secure systems. The most secure ones we have are the very stable long term releases which have been around for long enough for maximum security investigation and testing to have been carried out and published, and bugs found subsequently fixed.

  16. This post has been deleted by its author

  17. Simon B
    FAIL

    No doubt the security has already been blown wide open and a massive loophole/flaw found in the implementation of this super secure version that makes it no more secure or even less secure than bog standard Android. C'mon, you know I'm right! ;)

  18. Babai
    Pirate

    NSA already added backdoor to FreeBSD

    what stops them to add similar into Android source code ??

    The peculiarity was that, time taken to notice such backdoor was long and few releases were released for public (many had installed the version with added backdoor)

    Android source code is also huge, time to scrutinize each file will take time.

    their version: http://seclists.org/fulldisclosure/2010/Dec/669

  19. Martin Taylor 1

    Never Say Anything...

    I'll tell you a funny thing. NSA have for years published advice on their website on how to secure various types of system, most importantly elements of an Enterprise Windows/AD environment. They do this to help US entities, Government or otherwise, protect themselves, but they have no problem with foreigners making use of this advice as well. It seems to me that their SELinux efforts should be looked at in that light.

    And I won't even tell you how polite they were when I rang them about one of their documents at around 0900 Eastern Time on Sept 11th, 2001...

  20. CarrotRevenge
    Coffee/keyboard

    STFU & RTFC

    RTFC! ala FX 27C3 "Building Custom Disassemblers"

This topic is closed for new posts.

Other stories you might like