Boeing going into the Android phone business?

[Grey Havoc]

http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=742

http://www.digitaltrends.com/mobile/boeing-to-launch-highly-secure-android-smartphone-this-year/

http://venturebeat.com/2012/04/12/boeing-android-phone-u-s-government/

 

[sublight]

I don't know what the point of going "android" is. In order to secure it, they'll have to fork off of the main source code, which will kill compatibility and thus negating any benefit of the application development ecosphere. This fork will also be closed source, also negating any benefit of the OS development ecosphere.

What really needs to happen here is for Google to secure the damn OS so people can take their smart phones to China without fear of hijack.

 

[TomS]

NSA has developed a spec for a secure Android handset (and built some examples, apparently). It is basically a proprietary fork of Android with a dedicated VOIP/data app that runs all the comms from the phone through an encrypted VPN channel to a central server and a built-in security monitoring app to make sure other apps behave. It's not trivial, but there's still a savings in terms of app development because you can take off-the-shelf apps, test them for compliance with security rules, and offer them through your own secure app store, rather than doing bespoke apps development.

http://threatpost.com/en_us/blogs/nsa-develops-new-super-secure-android-phone-030212

 

[sublight]

But that really does nothing spectacular for the security of the phone itself. If a hacker installs a simple audio recording app, then it doesn't matter if the communication is over a secure channel. The sound of the phone holders voice isn't encrypted. I guess they can text chat "super secure"?

 

[TomS]

You're missing two key elements:

1) The secure store. These phones don't allow you to install arbitrary app; only apps approved by the central system manager (DISA in the case of NSA) and disseminated through that app store can be loaded. Certificating and verifying apps is a major part of the architecture.

2) The "police" app -- the one that monitors the behavior of the others. If an app starts recording data and trying to send it out somehow, it's going to get trapped by that app. Clearly, that means there's going to need to be more attention paid to permissions than in commercial phones -- most apps won't be allowed to access the wi-fi or phone radios, for example. But that's why you have a central secure app repository, ragther than allowing installs from unverified sources.

 

[sublight]

You're missing two key elements:

1) The secure store. These phones don't allow you to install arbitrary app; only apps approved by the central system manager (DISA in the case of NSA) and disseminated through that app store can be loaded. Certificating and verifying apps is a major part of the architecture.

2) The "police" app -- the one that monitors the behavior of the others. If an app starts recording data and trying to send it out somehow, it's going to get trapped by that app. Clearly, that means there's going to need to be more attention paid to permissions than in commercial phones -- most apps won't be allowed to access the wi-fi or phone radios, for example. But that's why you have a central secure app repository, ragther than allowing installs from unverified sources.

I'm not missing those elements at all. I'm pointing out that a company with a lot less money, and microscopic fraction of Googles' programmers, wont fare any better in securing the platform than Google has.

 

[TomS]

You're going to have to explain how someone is going to install your notional eavesdropping app on a phone that can't accept data from anywhere that isn't via the VNP (which can only talk to the enterprise server) and can't run an app that isn't installed during initial provisioning.

Seriously, go read the NSA standard for Enterpise Mobility. They've thought this through in great detail.

http://www.nsa.gov/ia/_files/Mobility_Capability_Pkg_%28Version_1.1U%29.pdf

 

[sublight]

You're going to have to explain how someone is going to install your notional eavesdropping app on a phone that can't accept data from anywhere that isn't via the VNP (which can only talk to the enterprise server) and can't run an app that isn't installed during initial provisioning.

Seriously, go read the NSA standard for Enterpise Mobility. They've thought this through in great detail.

http://www.nsa.gov/ia/_files/Mobility_Capability_Pkg_%28Version_1.1U%29.pdf

Really? Is there any place the "advanced persistent threat" hasn't been able to get into over the past 10 years? Its a computer, it will have arbitrary code execution vulnerabilities like every computer that has come before it. It will have a small team managing security able to generate hundreds of man hours a month working on security, whereas an open source project will have hundreds of thousands of man hours a month looking at security.

 

[TomS]

Sure, it's possible, but these machines will be no less secure than any other classified network.