Who Wants Ice Cream?

Google has recently announced the forthcoming availability of Ice Cream Sandwich, Android 4.0. In such a short time, Android has seemingly come so far. I’d like to stop and take a look at the security improvements and additions featured in this release.

Google’s Android debuted in November 2007, and with its steady rise in popularity we also saw researchers begin to search for holes. A number of vulnerabilities have been found, from root exploits like Rage Against the Cage to cross-application scripting bugs like CVE-2011-2357.

With the release of Ice Cream Sandwich we can expect some new advances in Android security. Google promises:

A new Keychain API and encrypted storage

According to Google, this will “let applications store and retrieve private keys and their corresponding certificate chains. Any application can use the keychain API to install and store user certificates and CAs securely.”
Certificate handling issues are a real concern for Android users after the DigiNotar fiasco.

Address Space Layout Randomization

ASLR is a method of protecting the system and third-party applications from being attacked by randomizing their addresses in memory. It is an absolute requirement in the desktop computing world, and it’s great to see it arrive, although late, on Android. iOS has had this feature for some time.

Additionally, it seems that the Android developers are taking a greater interest in enterprise security.

Full Device Encryption

Actually a feature of the 3.X codebase, but now available for phones, device encryption is an absolute must for any mobile device, as their compact size makes them incredibly easy to lose. Unfortunately, this has been far too long in coming.

VPN client API

According to Google, “Developers can now build or extend their own VPN solutions on the platform using a new VPN API and underlying secure credential storage.” Using VPNs can help protect against session hijacking tools like Firesheep.

Device Policy Management for camera

Administrators can now institute a policy for disabling the user’s camera.

Face Unlock

One of the cooler new security features being debuted is Face Unlock. This promises to set a standard for user-friendly security, as long as the implementation is of good quality and the speed is acceptable. Despite the cool factor, if it takes longer to recognize my face than to slide unlock and enter my PIN, I just won’t use it. There have been questions about the effectiveness of Face Unlock, for example using the victim’s photo to access a locked device, but Google promises that they have accounted for this and an actual head will be required.

While it’s good to see some new security features being added to this ever-expanding platform, I was really hoping for a mechanism to backport patches when future devices inevitably leave Ice Cream Sandwich obsolete. It’s currently easier to release new versions of Android on new and shiny phones than it is for users to keep up. Phone contracts in the US are commonly locked in for 2 years. New operating systems for these devices, as well as their associated hardware, arrive far faster than most people can keep up with them.
