Linux.com

Home Linux Community Forums Mobile Computing Android Similar way to secure smart phones and tablets?

Similar way to secure smart phones and tablets?

Link to this post 08 Mar 11

I was going to do this as a blog post but I thought I get some feedback first. To see if its good enough to publish at all.:unsure:


Similar way to secure smart phones and tablets.

One way to move away from the problem of the malware ridden Windows platform was to run a Linux LiveCD. Why not use a similar approach to secure smart phones and tablets? The method works by bypassing any contaminated apps that have been installed on the user system by booting and running a minimal default system. Ideally the second system would be on a read-only media but a secure write protect system is perhaps good enough. Here the user can not install anything to compromise the system.

To make it as simple as possible one can add a button to restart the device and to run the secure system, like a built in splashtop in a dualboot configuration.

This method does not exclude the need for checking the applications in the appstore. However when security matters. When we do online banking and other money transactions we need to have a dedicated device. Be it a PC, smart phone or tablet.

Link to this post 08 Mar 11

The concept is good, however the issue you will face with read-only mediums is not being able to upgrade applications to patch known vulnerabilities. If you are using a read-only medium you can be open to old vulnerabilities between reboots, in which any successful exploitations will not resume after the next reboot, but will remain active until that point doing as they wish.

I think the best approach would be to build a mobile OS that has a clean core which can effectively jail or sandbox all applications from any resources that they do not list in the dependency/library list that the user must acknowledge prior to installation.

Link to this post 08 Mar 11

Thanks for the input. The problem with user acknowledgement is the rather large potential for mistakes. They have to know what there doing.

What I meant is that you have essentially the same mobile OS twice. Both can be updated through a trusted system but user manipulation ( installing all kinds of apps ) is restricted on the secure system. This could also work as backup system if the user somehow trashes it.

Link to this post 08 Mar 11

I think I understand what you mean, basically have a user mode and a Read-Only secure mode that a user can easily switch between by physical button, if the user does something wrong then they can "reset to factory state" which in effect will write the Read-Only image into the user mode effectively resetting the device to a base state.

Is that assessment correct?

Link to this post 09 Mar 11

Yes as a last resort this should be possible. Like the uses for a liveCD the user should also be able to run the device in the secure mode. I hope this method has the affect of bypassing any installed apps that are bad.

Running in the secure mode should not require you to reset the device, it could be that the user with his jail braked smartphone wants a secure environment to conduct money transactions.

Link to this post 31 Jan 12

I don't see it practical: rebooting everytime you want to access something in particular? Not for me, thanks.

Besides, if your devices gets "hacked" you can always flash a firmware image :)

Regards

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board