Lavabit and End-point Security

coderman coderman at gmail.com
Sun Aug 11 13:28:53 PDT 2013


one last cautionary tale:

some time back i used the techniques discussed to harden some Android
phones brought with me into a hostile environment. i had kernel level
protections in place, hardened the system configuration and services,
pared down apps to the minimum and constrained their access to the
file system and network. this was months of effort.

the first adversarial encounter went very well in my favor - all of
the attempts to exploit my devices were thwarted at these various
layers and via these protections, with the sole exception of a Google
Voice Search hack that kept voice search active in an "open mic night"
eavesdropping capability.  this was quickly nullified via kill -STOP
(Android won't re-spawn an app that is already running, and a stopped
process proved quite effective at halting this repeated invocation of
search used to capture audio.)


fast forward to round two, and i doubled down on the kernel, system,
and application level protections. even more scrutiny is applied to
applications to avoid the misuse of legitimate functionality for
malicious purpose.  i am feeling confident!


... and then a baseband exploit easily walks under all of my
protections at every layer, completely and fully 0wning my devices,
with the only hint at anything amiss being the elevated thermal
dissipation and power consumption from the radios performing data
transmission, all while the Android OS believed the devices were
silent in airplane mode.

[informative interlude: software defined transceivers should be in
every hacker toolbox; radio level attacks are otherwise invisible to
you. they are also useful for many other purposes, perhaps one day
even providing a solution to the untrustworthy proprietary firmware
and baseband systems crammed into every mobile device these days.]


---


incidentally, this also demonstrates why IOMMU / VT-d guest isolation
of devices on the host bus is very useful, as a vulnerable NIC could
otherwise provide complete access to privileged memory and interfaces
just like the baseband exploit above...  assuming your CPU itself is
trustworthy!

"trusting trust" continues to be a persistent and difficult problem,
leaving us all vulnerable to some degree or another - it's just a
function of cost and skill to compromise.  turtles all the way down!


;P
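An added example, not part of the original post: a defender-side check of the IOMMU point above, listing which devices share an IOMMU group with each network controller on a Linux host. It assumes the standard sysfs layout (`/sys/kernel/iommu_groups/<N>/devices/` and `/sys/bus/pci/devices/<BDF>/class`); the function names and the sample device tree are constructed for illustration.

```python
import os
import tempfile

NETWORK_CLASS = 0x02  # PCI base class code for network controllers

def pci_base_class(sysfs_root, bdf):
    """Return the base class byte from <sysfs>/bus/pci/devices/<bdf>/class."""
    path = os.path.join(sysfs_root, "bus", "pci", "devices", bdf, "class")
    with open(path) as fh:
        return int(fh.read().strip(), 16) >> 16

def audit_nic_isolation(sysfs_root="/sys"):
    """Map each network controller to (iommu_group, other devices in that group).

    group is None when the device belongs to no IOMMU group (IOMMU disabled or
    absent). A non-empty peer list means the NIC cannot be isolated on its own.
    """
    groups_dir = os.path.join(sysfs_root, "kernel", "iommu_groups")
    group_of, members = {}, {}
    if os.path.isdir(groups_dir):
        for group in os.listdir(groups_dir):
            members[group] = sorted(os.listdir(os.path.join(groups_dir, group, "devices")))
            for bdf in members[group]:
                group_of[bdf] = group
    report = {}
    for bdf in sorted(os.listdir(os.path.join(sysfs_root, "bus", "pci", "devices"))):
        if pci_base_class(sysfs_root, bdf) == NETWORK_CLASS:
            group = group_of.get(bdf)
            report[bdf] = (group, [d for d in members.get(group, []) if d != bdf])
    return report

def build_sample_sysfs(root):
    """Constructed sample tree (not from the post): bdf -> (class, IOMMU group)."""
    layout = {
        "0000:00:14.0": ("0x0c0330", "4"),  # USB controller
        "0000:00:1f.6": ("0x020000", "4"),  # Ethernet, shares group 4 with USB
        "0000:03:00.0": ("0x028000", "9"),  # other network controller, alone
    }
    for bdf, (cls, group) in layout.items():
        dev = os.path.join(root, "bus", "pci", "devices", bdf)
        os.makedirs(dev)
        with open(os.path.join(dev, "class"), "w") as fh:
            fh.write(cls + "\n")
        os.makedirs(os.path.join(root, "kernel", "iommu_groups", group, "devices", bdf))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for bdf, (group, peers) in audit_nic_isolation(build_sample_sysfs(tmp)).items():
            state = "no IOMMU group" if group is None else f"group {group}"
            print(f"{bdf}: {state}, shares group with {peers or 'nothing'}")
```

Calling `audit_nic_isolation()` with no argument reads the live `/sys` tree; a NIC reported with group `None` has no IOMMU restriction on its DMA.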


