Google strengthens Android security muscle with SELinux protection

The upcoming version of Google's Android operating system offers several enhancements designed to strengthen handset security, particularly in businesses and other large organizations. Ars will be giving the just-unveiled version 4.3 a thorough review in the coming days. In the meantime, here's a quick rundown of the security improvements.

The most significant change is the addition of a security extension known as SELinux—short for Security-Enhanced Linux—to reinforce Android's current hack-mitigation model. Since Android's debut, apps have run inside a "sandbox" that restricts the data they can access and isolates code they can execute from other apps and the operating system as a whole. Built on a traditional Unix scheme known as discretionary access control, Android sandboxing prevents the pilfering of sensitive passwords by a rogue app a user has been tricked into installing or by a legitimate app that has been commandeered by a hacker.

Originally developed by programmers from the National Security Agency, SELinux enforces a much finer-grained series of mandatory access control policies. Among other things, SELinux allows varying levels of trust to each app and dictates what kind of data an app can access inside its confined domain.



RFID Information Can Be Stolen from Three Feet Away

Security consultant Fran Brown has created a hacking tool that can capture data from RFID badges from up to three feet away—a worrying development considering that up to 80 percent of US companies that use RFID access control systems still employ the vulnerable technology hacked by Brown.

What is RFID?

Radio frequency identification, or RFID for short, is used in a wide variety of everyday applications, from the tracking of animals and humans to motorway toll collection and contactless payment systems. While some people may not know much about RFID, chances are they have used it at one stage or another without even knowing it. If your dog has a microchip implant or you use an ID card to gain access to work then, whether you knew it or not, you have used RFID technology.

RFID uses radio waves to transfer data in order to automatically identify objects, or the people or animals associated with those objects. An RFID system consists of at least one tag and one reader, and there are several variations of both. One of the most common types of tag, and the type discussed in this blog and in Brown’s research, is the 125KHz tag. Readers are two-way radio transmitter-receivers that send a signal to the tag and read the response. The tag contains a radio frequency transmitter and receiver that receives the signal from the reader and responds by sending back whatever information is stored on it, such as a unique code for accessing a secure building. Tags are very small and can be placed inside ID cards, passports, DVD or CD cases, or even just under the skin.


Long-range hacking tool

125KHz tags are some of the most common and need to be placed in close proximity, 10cm or less, to the reader in order to receive and send a signal. In order to skim and then clone one of these cards, a malicious actor would need to either have access to the card or be extremely close to it which makes it a difficult thing to do. However, Brown has managed to modify an RFID reader so that it can read RFID tag data from a relatively long distance—up to three feet. What this basically means is that anyone with one of these readers could place it in a pocket and take a walk around a company car park for instance, collecting data from workers’ ID badges as they walk by. The badges could then be cloned and the attacker would have the same access as the owner of the cloned badge.

The customization of the RFID reader was done by creating a small printed circuit board that can be inserted into most commercial readers. The stolen tag information is stored on a micro SD card. The code Brown wrote, as well as all the details of the hack tool and customization will be made available after this year’s Black Hat security conference in Las Vegas, where Brown will present his research.

While this idea has been around for some time, Brown says that his method “is the difference between a practical and impractical attack.” Past research has consisted of theories and ideas with little if any actual working tools. He also states that, in tests, his tool has a hundred percent success rate.

125KHz tags are considered out of date these days and have no security guarding the information they contain. The data sent is not encrypted so once it is received by an attacker, all they have to do is clone a new tag. While there are newer options available that encrypt the data stored on the tag and also secure the communication between the tag and reader or use challenge response authentication methods, organizations are slow to migrate to the new technology. This may be due to cost and/or organizations not being aware of the security risks associated with 125KHz tags.

Brown says that his long-range RFID reader is “targeted toward the Fortune 500 security professional” but that “[a]s with any penetration testing tool, this […] can be turned malicious.”

Given this development, organizations using RFID access control solutions may want to look again at their existing systems and think about upgrading or introducing additional access control measures such as biometrics.

First malicious apps to exploit critical Android bug found in the wild

Researchers have spotted the first in-the-wild apps to exploit a critical Android vulnerability allowing attackers to inject malicious code into legitimate programs without invalidating their digital signature.

The two apps, distributed on unofficial Android marketplaces in China, help people find doctors and make appointments, according to a blog post published Tuesday by researchers from security firm Symantec. By exploiting the recently disclosed "master key" vulnerability—or possibly a separate Android flaw that's closely related—attackers were able to surreptitiously add harmful functions to the apps without changing the cryptographic signature that's supposed to ensure the apps haven't been modified.

"An attacker has taken both of these applications and added code to allow them to remotely control devices, steal sensitive data such as IMEI and phone numbers, send premium SMS messages, and disable a few Chinese mobile security software applications by using root commands, if available," a Symantec researcher wrote. "Using the vulnerability, the attacker has modified the original Android application by adding an additional classes.dex file (the file which contains the Android application code) and also adding an additional Android manifest file (the file which specifies permissions)."

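A defender-side check for the tampering Symantec describes above, as an added example that is not code from Symantec, Ars or Google: it flags an APK whose archive lists `classes.dex` or `AndroidManifest.xml` more than once. It assumes the "additional" files show up as repeated entry names in the APK's ZIP directory; the function names are hypothetical and the sample archives are constructed in memory.

```python
import io
import warnings
import zipfile
from collections import Counter

# Files the Symantec quote says were added a second time.
SENSITIVE = ("classes.dex", "AndroidManifest.xml")


def duplicate_entries(apk_bytes):
    """Return {entry_name: count} for every name listed more than once."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        # infolist() keeps one record per central-directory entry,
        # so a repeated name appears repeatedly here.
        counts = Counter(info.filename for info in zf.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def verdict(apk_bytes):
    """'reject' if code or manifest is duplicated, 'review' for any
    other duplicate name, 'ok' when every entry name is unique."""
    dups = duplicate_entries(apk_bytes)
    if any(name in dups for name in SENSITIVE):
        return "reject"
    return "review" if dups else "ok"


def build_sample(names):
    """Constructed test archive: one placeholder entry per name given."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile warns when asked to write a name twice; that is
        # exactly the condition the sample needs to reproduce.
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as zf:
            for i, name in enumerate(names):
                zf.writestr(name, b"constructed placeholder %d" % i)
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_sample(["AndroidManifest.xml", "classes.dex"])
    tampered = build_sample(["AndroidManifest.xml", "classes.dex",
                             "classes.dex", "AndroidManifest.xml"])
    print(verdict(clean), verdict(tampered), duplicate_entries(tampered))
```

A legitimately built APK has no reason to carry two entries with the same name, so a store or MDM intake pipeline can treat any hit as grounds to block the upload.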