Schneier on Security

Clive Robinson • November 19, 2019 8:31 AM

@ All,

There are a couple of thoughts that occure with this. Firstly there are four areas/classes of concern (not two)

1, Android core as released by Google to manufacturers.

2, IO drivers etc efectively unique to each phone design.

3, Non-removable manufacturer installed Applications.

4, Semi-removable user installed applications.

However overall no matter what the class of cause it is clear that “Smart Devices” built around Android are not in general fit to be used for even the lowest of classified security environments (sensitive[1]). Or for that matter many if not most commercial environments[2].

But questions should be asked about where the primary problem lies. Obviously what is supplied by Google (1) is in effect the core of Android and has interfaces with the other three areas (2,3,4). Whilst the core(1) may not have vulnerabilities or bugs, the question of the complexity of it’s interfaces arises. That is interfaces can be “well found” and “minimal” thus making secure interfacing low defect probability, almost always the opposite happens and a “kitchen sink” mentality takes over and with it unneeded and unwarranted complexity rapidly builds and with it the exponentially increasing probability that vulnerabilities or bugs will occure.

This is a fairly well known issue thus one has to ask initially about the necessity of such complexity. This then in the “thinking hinky” security mindset becomes the implicit question of “What are they hidding behind it?”. With the third question being “by accident or design?”. Which almost automatically gives rise to the “3W question” of “Who?, What?, and Why?”. Both of which occured with Cisco snd Juniper core networking products and security. Which in part gave rise to the Chinese Government passing legislation banning the use of their and other US corporate products from key economic areas such as banking etc. The tit-for-tat behaviour of the current US administration has had an odd effect in that it in effects bans the use of Android in Chinese products, thus forcing the largest smart device manufacturer to come up with a new core. Whilst a geo-political analysis would be off topic, that relating to security is not.

We might actually see the begining of a new tit-for-tat pissing contest. That is the US gov entities rip appart the Chinese core looking for vulnerabilities, whilst the Chinese reciprocate aginst the US Google core. Each selectively chosing to publish vulnerabilities to discredit the other. Thus potentially causing a series of “malware attacks”, which in many respects would be more advantageous to the Chinese[3] than the US or other Western first world nations.

What ever happens it’s odds on favourite that invasive surveillance on end users will rise almost exponentially over the next few years. And will happen one way or another, “with or without” legislation and that Governments will save considerable money by “proxies through corporates” one way or another (such as Amazon Ring).

[1] Document Classification is multi-level and most nations have their own variations especially at the lower unclasified / sensitive / confidential / protected / etc levels. But even at the higher levels of Secret and Top Secret nations differ on what each actually means. Many current national models are seen as “three layer” these days, however there is an implicit fourth layer of what might be called “not classified”. This has come about by the use of classified registration in a database and that all documents should have value as they are paid for via the Tax Take thus must have justifiable value, with the potential of commoditization. Thus the document producer has to first take a “comercial value judgment” as to if any new or derived “work” should go in the registered database, then consider other issues related to security as to which of the three other layers it should be classified at. Implicit as part of this is that government workers should never produce “works” that are “not of commercial value”… Which kind of gets interesting when you get down to “information leaflets” like those telling people over 60 to get a free flu jab etc…

[2] All employers should carefully consider the pay offs of “Bring Your Own Devices” (BYOD) or even “issued devices” used for “Distributed / no office / on the road / from home” employee working models and similar “loose/no security perimiter” working practices against the cost of lost information both financially and reputationally especially in “duty of care/confidentiality” environments.

[3] One significant reason for this is the “Great Firewall of China” it alows them to ring fence their jurisdictional section of the Internet thus limiting any exfiltrating malware etc. As Russia has passed legislation and will be running tests on a similar idea, it can be said that the Balkanisation of the Internet has started and the days of “All roads lead to Rome” will end for the UKUSA Five-Eye IC and LEO organisations. Thus the significant advantage for illegal spying that they have enjoyed at the communications geographical nodes will shortly be lost to them. Which brings up the question of Alphabet / Googles plans for sub sea cables, satellite and even drone balloon comms nodes and transport. They obviously see an advantage that Teleco’s don’t see in doing this… Which broadly suggests that Google have a different business model. As their traditional business model is “theft of PII” it’s probably safe to assume Googles model involves heavy surveillance one way or another.