The Armadillo Phone - A Security Review

Dear blog readers,

As many of you know I've joined forces with Team Armadillo Phone in the fight against cybercriminals including nation-state and rogue and malicious including possibly fraudulent cyber adversaries for the position of Security Blogger in 2019 and I wanted to say big thanks to COO Rob Chaboyer and CEO Kelaghn Noy for bringing me on board and for initiating a series of video conversations to better help them understand my motivation for joining the company and what exactly I can bring on board.

Among my first responsibilities were to possibly include an actual Security Audit and actual Security Advice and Recommendation including practical implementation advice on new Privacy and Security themed related features actual reaching out to current and future customers including active posting of new and innovative Security Research at the company's blog.

In this post I'll provide an in-depth Security Review of the Armadillo Phone in terms of Privacy and Security features including their relevance and importance in today's modern cyber threat adversaries dominated Internet-based communication ecosystem including an in-depth introduction into some of the key features that I might be definitely looking forward to implementing and offering practical advice on in terms of new Privacy and Security features that might greatly assist new and future customers on their way to achieve a decent degree of Privacy and Security in their Internet-based communications.

Key Features of the Device include:

- Tamper-Resistant Packing
- Device Inspection
- Secure Hardware
- Multiple Passwords
- Zero Day Protection
- Security Peripherals

Among my key proposals that I sincerely hope will eventually make their place on COO Rob Chaboyer and CEO Kelaghn Noy's desk are:

• Security Researcher Working Space or a Security Module - the basic idea here would be to offer a built-in full-disclosure reader application including automatic subscription to major and popular Information Security and Hacking Mailing Lists.
• Built-in RSS Reader - the main idea here would be offer Armadillo Phone users to ability to take advantage of a built-in RSS reader with pre-defined set of major and high-profile Security and Provicacy Content Providers
• Security and Privacy Including National-Security Journalists' Opt-In Directory - have you ever wanted to directly reach out to a high-profile Security Privacy or National Security type of journalist for the purpose of sharing with them your opinion on a particular piece of to actually share a news tip? This is the main purpose behind this particular feature.
• Covert Channels - the main purpose behind this features is to allow Armadillo Phone users in particular journalists or hacktivists the opportunity to secure and convertly transmit information that's basically impossible to track down intercept
• Steganography - the main purpose behind this feature is to allow Armadillo Phone users with the opportunity to use an alternative secure communication channel that's basically impossible to intercept track down and censor

Key Security and Privacy Features of the Device include:

• AES-256-XTS block-level FDE
• Block-level FDE instead of Android's file-based encryption
• Scrypt work factors increased
• Minimum 8-character alphanumeric password
• Completely software-based
• Keymaster and gatekeeper disabled
• Normal password for deniable encryption
• Secret password stored at randomized offset
• Secret volume is hidden inside unused portion of decoy data
• Wipe password in footer to erase device
• Separate lockscreen password
• Password verification order randomized at runtime to prevent timing attacks 
• Enhanced KASLR and userland ASLR
• Increased ASLR entropy
• Several PaX patches ported
• Zygote uses exec() spawning instead of fork()
• Improved SELinux rules
• Hardened malloc implementation
• Stack and heap canaries detect overflows
• Enhanced FORTIFY_SOURCE implementation
• Function pointer protection
• Restrictive compile-time sanitization
• Additional attack surface reduction
• All connections made using pinned TLS 1.2 connections with high-entropy 4096-bit certificates
• Metadata can be further protected by enabling optional VPN
• Verify encryption keys using manual verification, QR code, SMP or NFC
• Chat uses OMEMO encryption
• Email uses PGP encryption
• Email uses randomized subjects
• Email uses encrypted connection to keyserver and mailserver
• Email requires 4096-bit PGP keys
• Radio Sentinel: Monitors WiFi networks for ARP poisoning. Monitors cellular networks for 2G networks, performs sanity checks and compares cellular towers to a database of known network
• RAM Sentinel: Monitors temperature to prevent cold-boot attacks
• Theft Sentinel: Connects to anti-theft beacon over BLE, alarms both beacon and phone if disconnected. If phone isn't unlocked or beacon isn't reconnected within 5 minutes the phone will shutdown. 

Based on my current experience with the device which I've recently started using for the purpose of keeping in touch with friends and colleagues I can easily say that this is one of the most advanced and technically sophisticated mobile security device that can be easily obtained from here and I sincerely hope that my research and security knowledge and technical knowledge expertise will prove highly valuable to what the Team at Armadillo Phone are currently doing.

Stay tuned!

Continue reading →

Joining Team Armadillo Phone!

Dear blog readers,

It's a pleasure and an honor to let you know that I've recently joined forces with Team Armadillo Phone in the fight against sophisticated nation-state and rogue cyber threat actors for the position of Security Blogger targeting mobile devices on their way to compromise sensitive and often classified personal information and that I'll be definitely looking forward to making impact with the company through the publication of high-quality security and cyber threat research including the active education and spreading of information and knowledge to the company's clients on their way to further protect their sensitive and often classified data from mobile threats courtesy of a multi-tude of malicious and fraudulent adversaries.

Among my responsibilities will include active cyber threat an nation and rogue cyber adversary research including actual client outreach in terms of Security Blogger including the actual work and eventual implementation of new never-published and seen-before privacy and security features including the actual Security Audit of the device in terms of possible Threat Modelling flaws and actual practical solution and advice-oriented implementation of new privacy and security features next to the usual cyber nation-state and rogue cyber actor type of threat analysis and research that I've been doing throughout the past decade.

Perfect timing to say big thanks to COO Rob Chaboyer and CEO Kelaghn Noy for bringing me on board and for actually taking the time and effort to go through my proposal and actually initiate a video conversation with me for the purpose of working together.

My initial idea would be reach out to the company's client-base in terms of possible security threats outreach including the active production of high-quality security and cyber adversary research targeting mobile devices at the company's blog including the production of a Threat Modelling Scenario Research Analysis which I intend to publish at the company's blog including an actual practical and solution-oriented Security Audit of the device next to the actual introduction of new privacy and security features.

I will be definitely looking forward to making an impact with the company and I'll be definitely looking forward to continue publishing the high-quality and never-published before type of research analysis at my personal blog. Continue reading →

China's Interest of Censoring Mobile Communications

Just came across to a great article at the IHT on China's interest of tightening control of cellphones :

"The new measures being contemplated for tightening control of cellphone use reportedly include mandatory user registration. Users now can easily buy cellphone cards at any convenience store, instantly obtaining a new phone number without identifying themselves. Whether through speech or short messaging, cellphones have played a major role in a wave of social unrest that has swept China in the last two years, allowing people to organize quickly and to spread news of police actions and other developments. Anonymous use of cellphones is a major loophole at a time when the state is investing heavily on monitoring communications of all kinds, and the authorities appear determined to close it"

Whereas there's been quite some media coverage on China's Internet censorship efforts, the country's under-developed income distribution model results in more people having access to plain simple cellphone communications compared to owning a PC. And even if they own a PC, or use public ones to access the Internet, information from China's provinces where the real China is, often breaks out through SMS messages -- or comes in. Venus Info Tech's Cybervision SMS Filtering System is what they've been using, and it seems it's the government's long-term partner. The article also points out on the illegality of reporting or broadcasting information on "sudden events", consider the SARS virus as one of these. Yet another in-depth article, indicates the only usefulness out of this censorship, or let's use a more friendly term, such as content monitoring/filtering, which is the detection of banking frauds and other scams -- can you censor "Bware, SMS unda ctrl" or learn to encode in such a way?

From a business perspective, the Chinese Internet population represents a hot opportunity for companies offering censorship-circumvention services -- IP cloaking and competitive intelligence among the other needs. It's interesting to note U.S government's interest in Chinese citizens having access to more information :

"Ultrareach and Dynamic Internet Technology (DIT) in North Carolina, both connected to Falun Gong, receive U.S. government funding through the International Broadcasting Bureau to help it get Voice of America and Radio Free Asia to Chinese Web surfers. Each day, DIT sends out millions of emails and text messages containing proxy links to Chinese citizens. About one million users have downloaded DIT's circumvention software, which automatically links to the firm's proxy servers, while ``hundreds of thousands'' directly access the proxy Web sites daily, said founder Bill Xia. UltraReach, claims 100,000 users use its proxies.All told, the IBB spends about $5 million a year on contracts with hacktivists and firms on censorship-busting efforts in countries such as China and Iran."

I also came across to an informative research on the topic, "The Wireless Leash : Mobile Messaging Service as a Means of Control". Recommended reading in case you want to know more on the topic from a social and political perspective, as well as go through many relevant cases.

UPDATE : China restricts Internet cafe access - "Rules on children in Internet cafes were imposed after Chinese officials warned that students were spending too much time playing online games and were getting access to violent and obscene material."

Related resources:
Censorship
China
2006 = 1984?
Anonymity or Privacy on the Internet?
World's Internet Censorship Map
China - the biggest black spot on the Internet’s map
Chinese Internet Censorship efforts and the outbreak
Securing political investments through censorship Continue reading →

The Cell-phone Industry and Privacy Advocates VS Cell Phone Tracking

I've once mentioned various privacy issues related to mobile devices, the growing trend of "assets tracking", and of course, cell phones tracking. Yesterday I came across to great summary of the current situation -- privacy groups make a point of it. From the article :



"Real-time tracking of cell phones is possible because mobile phones are constantly sending data to cell towers, which allows incoming calls to be routed correctly. The towers record the strength of the signal along with the side of the tower the signal is coming from. This allows the phone's position to be easily triangulated to within a few hundred yards. But the legal grounds for obtaining a tracking order is murky -- not surprising since technology often outpaces legislation. The panel agreed that Congress should write rules governing what level of suspicion cops need to have before tracking people through their cell phones."



While on the other hand, there's also an ongoing commercialization of the service by the industry itself, if the government were to start using practices like these with grey subpoenas, it would undermine the customers' trust in the industry and BigBrother is going to get even bigger. Enthusiasts are already experimenting with DIY cell phone tracking abilities, so if you worry about being tracked through your phone, you should also start worrying about having an extra one in your bag. Physical insecurities such as digital forensics on cell phones, even counter-offerings are today's reality, while flexible lawful wiretapping may still be taking one way or another -- I guess the NSA got all the attention recently, with their domestic spying program.



As the Mindmaker pointed out, we must assume that we are trackable wherever we go, but I think this dependence would get even more abused in the future by the time proposed laws match with the technology. Continue reading →

Privacy issues related to mobile and wireless Internet access

I just came across a research worth checking out by all the wardrivers and mobile/wireless Internet users out there. While it's written in 2004, "Privacy, Control and Internet Mobility", provides relevant info on an important topic - what kind of information is leaking and how can this be reduced. The abstract describes it as :



"This position paper explores privacy issues created by mobile and wireless Internet access. We consider the information about the users identity, location, and the serviced accessed that is necessarily or unnecessarily revealed observers, including the access network, interme- diaries within the Internet, and the peer endpoints. In particular, we are interested in data that can be collected from packet headers and signaling messages and exploited to control the users access to communications resources and online services. We also suggest some solutions to reduce the amount of information that is leaked."



A more in-depth overview on the topic can also be found in "A Framework for Location Privacy in Wireless Networks", an excerpt :



"For example, even if an anonymous routing protocol such as ANODR is used, an attacker can track a user's location through each connection, and associate multiple connections with the same user. When the user arrives at home, she will have left a trail of packet crumbs which can be used to determine her identity. In this paper, we explore some of the possible requirements and designs, and present a toolbox of several techniques that can be used to achieve the required level of privacy protection."



Mobile/Wireless location privacy would inevitable emerge as an important issue given the growth of that type of communication, and the obvious abuses of it.



Technorati tags :
Security, Privacy, Wireless, Mobile, Tracking Continue reading →