Conversation

Thanks for giving me so much grief and Twitter drama about saying "Android is not safe to use for journalists or Congressional campaigns"

Quote Tweet

Patrick Traynor

@patrickgtraynor

Aug 24, 2018

Ever plug your phone into an arbitrary charger around the office or at an airport? Our #usesec18 paper shows that we can easily bypass most #android lock screens and then do pretty much whatever we want using old-school AT commands. Patch, then check out our work! #infosec twitter.com/kevinrbbutler/…

Show this thread

Pinboard

@Pinboard

Aug 24, 2018

There's a device called a USB filter that turns every USB port into a charge-only port, and protects against sketchy charging ports. Add this helpful dongle to your life if you travel a lot: amazon.com/Plugable-Unive

125

236

Pinboard

@Pinboard

Aug 24, 2018

I would rather live in a world where there are both Android devices and iPhones that are out-of-the-box secure enough for a campaign to use. And I know Google is full of engineers who are trying to make this happen. But the effort dies somewhere in the domain of upper management

Replying to

It’s not even upper management. Android itself has decent exploit mitigation work, etc. it’s OEMs and the fucked up android vendor ecosystem. Bugs happen. Bugs that may be unpatchable amd that users won’t know they have because the vendor has long since moved on, however...

Replying to

I understand the complaint about the ecosystem, but Google also manufactures its own phone, which it has chosen not to make safe.

Replying to

and

If you read the paper (usenix.org/system/files/c), you’ll notice that the severity of the issues on Google phones is low. The really bad issues were all OEM phones. I’m frequently a big Google critic, but IMO you’re being unfair.

Replying to

and

points out, the lock screen is functionally the last line of defense on an Android phone, so "it's almost not broken" is not a reassuring consolation. I agree that the phones Google makes are the safest, but they are not safe enough, and that is on Google

Replying to

It's the last line of defense on both phones for the default data class. iOS makes it easier for apps and the OS to put data at rest after locking but the vast majority of apps and OS functionality either can't or doesn't do that even with it being a bit easier without libraries.

Replying to

As long as it covers mail, photos and text messages I’m willing to live with it.

Replying to

It doesn't cover photos or contacts. Mail and text messages would depend on the app. Signal opts into NSFileProtectionComplete on iOS and uses the keystore on Android, but Moxie doesn't seem to really believe in doing it and maintains the Android app so it's not as far along.

Replying to

Not sure what Apple does for their own mail app and text message handling. They could queue them up by appending to encrypted data and then merge it into a proper database after unlocking but that code isn't open source so someone would need to reverse it to see what they do.

8:14 PM · Aug 24, 2018Twitter Web Client

Replying to

You can do the same thing on Android with the hardware-backed keystore APIs which some apps do, but the APIs have only been solid for a few years. It's a lot lower-level than just marking a data class. Not sure why they still haven't introduced a simple data class or two for it.