My Auditor app can be expanded to verifying any device launched with Android 8+ once someone submits sample data from that device with the bootloader still locked. Install the app (via play.google.com/store/apps/det or github.com/AndroidHardeni) and press 'Submit sample data' in the menu.
Conversation
Replying to
To what extend can an app guarantee a state of the system when the underlying integrity is not verifiable?
How do you know a sample is genuine (1) and (2) even if it is, we take the report from a system difficult to verify even if AOSP.
I am really glad you cont. working on this
1
1
1
Replying to
See the documentation: attestation.app/about. The system is verifiable via hardware support for attestation and verified boot. The main thing needed from the samples is the verified boot key fingerprint to distinguish devices from each other, which is part of key attestation.
2
1
2
Replying to
Well, yes, exactlywhy I was asking.
Aside the device bootloader identify, is anything else really verifiable?
Maybe better phrased the question.
1
1
Replying to
There's verified boot for the entire operating system and information about it is surfaced via the key attestation feature. It provides a signed public key certificate for the key including verified boot state + fingerprint and versions of the boot, system and vendor images.
1
1
An attacker could exploit the OS after it boots or could exploit the verified boot process itself but they can't forge this information without exploiting the bootloader or TEE. An important part of what this provides is verification of device identity too, not just integrity.
For example, consider an attacker compromising the OS after each boot and blocking updates to prevent fixing the vulnerabilities. Attestation will uncover the problem by showing that the OS is not truly being updated, even if the attacker tries to hide that information in the OS.
2
1
1
An attacker also can't pass off another attacker controlled device as the real device without compromising the hardware-backed keystore. For local verification, they would need to proxy back to the real device by relying on having network connectivity, which can be mitigated.
1
1
Show replies