Re: [Opensc-devel] Android 4.3 Hardware-Backed Security Features

[Jean-Michel P. - G. <jm...@go...>]

Le jeudi 29 août 2013 à 06:00 +0200, Anders Rundgren a écrit :
> I think your conclusions regarding security are correct.
> I.e. this is not a perfect solution. 

My next step was to test Android 4.3 in real life, which I did during
the night, as I was too busy to play.

I used a Nexus7 hardware with embedded crypto chip. The very same
hardware which is described in the article.

First of all, Android 4.3 has a strange option to become what is called
"Administrator". When such option is triggered, you can connect on your
Gmail account and disable your tablet remotely and reformat flash card.

This indicated that under some conditions, Gmail and Google can be the
administrator of your tablet and have total control remotely.

This is the first time ever that I test such a feature on a computer.

In movie Elysium:
http://fr.wikipedia.org/wiki/Elysium

Kruger (Sharlto Copley) certificates and authorizations are canceled
remotely by Jessica Delacourt (Jodie Foster) interactively. In the
movie, Kruger IS a war criminal, so this is normal. There are also very
good shots about a Faraday cage, but this is not the issue here. 

Here, the issue is certificate management over the Internet.

There is some kind of such mechanism in Nexus7, as it seems that all
certificates can be canceled remotely using GMail. The scope of control
is unknown: user only, Google itself, US government, or local government
(France government for France, German government for Germany, etc ...).
Sincerely, I have no idea. This seems normal for French government to
disable a tablet of a French citizen in case of extreme emergency and
this is not shocking IMHO. But other scopes are unknown.

Under Nexus7, there is also this strange option for voice recognition,
where the tablet can listen to conversations with or without Internet
connection and display the text. I could test with very unusual
sentences and it worked like a charm. The only error is that the tablet
mixed "dog" with "cat", but it was clearly Okay.

What does "Voice recognition" with Internet connection means? Simple:
your voice is processed remotely in the cloud with power of thousands of
CPUs. We know what it means.

Together, the impact of:
* embedded cryptography using unknown chips, 
* total control over certificates (probably through master key or some
slave keys) using Internet, 
* total control over reboot and reformat of tablet,
* AND voice recognition (in French we say this is "la cerise sur la
gateau"),
AND security leaks built in the system (i.e. leading to well-known
exploits and backdoors)

IS unknown.

This is the least to say!

For sure, Android 4.3 and Nexus7 are not usable in any kind of Company,
University or and mainly not any kind of Government or any kind of
Administration, local or central or any kind of association or charity.

I am quite surprised, actually, did Google register the cryto chip at
ANSSI (French administration for crypto), as it is requested?

My Nexus7 tablet is now shut-down and I will probably not start it
again, even to make screenshots. I am waiting for an upgrade of the
Android system, which would allow businesses to use the tablet in decent
conditions.

Thank you again for this interesting article, which convinced me to
avoid any management of certificates over Internet. So the future
belongs to smartcards and USB tokens. We draw a different conclusion as
yours. And this is still needed to register cryto-chips at ANSSI,
France, for security and also freedom.

Kind regards,
-- 
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu