Press release BoxID: 638472 (Fink & Fuchs AG)

Android KitKat Security: The Good, the Bad and the Downright Hilarious

(PresseBox) (Wiesbaden, ) The latest iteration of the Android operating system, codenamed KitKat, was released on October 31st and, according to the changelog, it comes with quite an array of security features. The full list of security additions is already up on the Developers website and covers features from enhanced sandboxing to certificate pinning and boot verification. We took a look at the new security features as they show up in the AOSP (Android Open Source Project) version of KitKat; here is a rundown of what we learned:

1. SELinux set to Enforce Mode

SELinux is a kernel security module that has been in Linux for more than 10 years, but was integrated into Android only in version 4.3. The mandatory access control module was developed by the NSA and, in the previous version of Android, ran in permissive mode for logging purposes only. The new implementation runs SELinux in enforcing mode, which means it can now prevent privilege escalation attacks such as an application gaining root privileges over the device, regardless of the application's permissions.
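The practical difference between permissive and enforcing mode shows up in the kernel's AVC messages: a denial carries a `permissive=1` field when it was only logged and `permissive=0` when the access was actually blocked. The following parser is an added example, not code from the press release or from AOSP; the log lines it runs over are constructed to mimic the kernel AVC format and do not come from any real device.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in the shape of kernel AVC messages (not from a real
# device). permissive=1 means the denial was only logged (permissive mode),
# permissive=0 means the access was really refused (enforcing mode).
SAMPLE_LOG = """\
<5>[ 12.345678] type=1400 audit(1383200001.123:5): avc: denied { read } for pid=1042 comm="untrusted_proc" name="mmcblk0" dev="tmpfs" ino=901 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=1
<5>[ 12.345700] type=1400 audit(1383200002.456:6): avc: denied { setuid } for pid=1042 comm="untrusted_proc" capability=7 scontext=u:r:untrusted_app:s0 tcontext=u:r:untrusted_app:s0 tclass=capability permissive=0
<5>[ 12.345800] type=1400 audit(1383200003.789:7): avc: granted { execute } for pid=77 comm="init" scontext=u:r:init:s0 tcontext=u:r:init:s0 tclass=process permissive=0
"""

# "avc: denied { perm ... } for key=value key="quoted value" ..."
AVC_RE = re.compile(
    r"avc:\s+(?P<decision>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<rest>.*)$"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class AvcEvent:
    decision: str          # "denied" or "granted"
    permissions: tuple     # e.g. ("read",)
    fields: dict           # pid, comm, scontext, tcontext, tclass, permissive, ...

    @property
    def enforced(self) -> bool:
        """True when the denial really blocked the access (enforcing mode)."""
        return self.decision == "denied" and self.fields.get("permissive") == "0"


def parse_avc_line(line: str):
    """Return an AvcEvent for an AVC line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return AvcEvent(m.group("decision"), tuple(m.group("perms").split()), fields)


def parse_avc_log(text: str):
    return [e for e in (parse_avc_line(l) for l in text.splitlines()) if e is not None]


def summarize(events):
    """Per source domain, count denials that were enforced vs. merely logged.
    On a permissive build every denial lands in logged_only; on an enforcing
    build the same policy violations show up as enforced."""
    summary = {}
    for e in events:
        if e.decision != "denied":
            continue
        bucket = summary.setdefault(e.fields.get("scontext", "?"),
                                    {"enforced": 0, "logged_only": 0})
        bucket["enforced" if e.enforced else "logged_only"] += 1
    return summary


if __name__ == "__main__":
    for domain, counts in summarize(parse_avc_log(SAMPLE_LOG)).items():
        print(domain, counts)
```

Fed the output of `dmesg` or `logcat` from a device, `summarize` gives a quick answer to "is this build actually enforcing, or just logging?" and which domains are hitting the policy.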

2. Crypto-stuff: Google Certificate Pinning and SSL CA Certificate Warnings

Following the post-Snowden disclosures, cryptography has become increasingly important for mobile users. These two new features introduced in Android 4.4 make sure that the digital certificates your device trusts are genuine and not substitutes. Long story short, if a digital certificate for a specific site has been fraudulently obtained, either by breaking into the CA or by simply tricking it into issuing a new certificate on somebody else's behalf, Android will notify the user that the certificate's fingerprint does not match what Google has on record. This is a welcome mitigation against man-in-the-middle attacks, but it will also make SSL traffic inspection more difficult for security solutions running in enterprises.
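Pinning works on top of ordinary chain validation: a fraudulently issued certificate still chains to a trusted CA, so only the comparison against a stored fingerprint catches it. The check below is an added example written for this article, not Android's or Google's pinning code; it pins the SHA-256 of a certificate's SubjectPublicKeyInfo (the common `sha256/<base64>` form) and the SPKI byte strings it uses are constructed stand-ins, not real keys.

```python
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """Pin of a DER SubjectPublicKeyInfo in the usual 'sha256/<base64>' form."""
    return "sha256/" + base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


class PinMismatch(Exception):
    pass


def verify_pinned_chain(chain_spkis, pins):
    """chain_spkis: DER SPKI of every certificate in the presented chain, leaf
    first. pins: the set of pins recorded for this host. The chain passes when
    ANY certificate in it matches ANY recorded pin, so pinning the intermediate
    CA's key lets the site rotate its leaf certificate without breaking clients.
    Returns the matching pin, raises PinMismatch otherwise."""
    if not pins:
        raise ValueError("an empty pin set would silently disable pinning")
    observed = [spki_pin(s) for s in chain_spkis]
    for pin in observed:
        if pin in pins:
            return pin
    raise PinMismatch(f"no pinned key in presented chain; observed {observed}")


# Constructed stand-ins for DER SPKI blobs (not real keys).
GENUINE_LEAF = b"constructed-spki:genuine-leaf-key"
GENUINE_INTERMEDIATE = b"constructed-spki:genuine-intermediate-key"
ROTATED_LEAF = b"constructed-spki:rotated-leaf-key"
FRAUDULENT_LEAF = b"constructed-spki:fraudulently-issued-leaf-key"
OTHER_TRUSTED_CA = b"constructed-spki:some-other-trusted-ca-key"

# What a client would have on record for the site: leaf plus intermediate.
PINS = {spki_pin(GENUINE_LEAF), spki_pin(GENUINE_INTERMEDIATE)}


def chain_accepted(chain_spkis) -> bool:
    """Convenience wrapper: True if the chain satisfies the recorded pins."""
    try:
        verify_pinned_chain(chain_spkis, PINS)
        return True
    except PinMismatch:
        return False


if __name__ == "__main__":
    print("genuine chain:", chain_accepted([GENUINE_LEAF, GENUINE_INTERMEDIATE]))
    print("rotated leaf :", chain_accepted([ROTATED_LEAF, GENUINE_INTERMEDIATE]))
    print("mis-issued   :", chain_accepted([FRAUDULENT_LEAF, OTHER_TRUSTED_CA]))
```

The third case is exactly the scenario in the text: a certificate issued by a different, still-trusted CA validates as a chain but none of its keys match the recorded pins, so the connection is flagged. It is also why enterprise SSL-inspection proxies, which substitute their own certificate, trip the same check.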

3. FORTIFY_SOURCE against buffer overflow exploitation

Buffer overflows have been a major issue for basically every piece of code where programmers manage memory by hand. The new KitKat is compiled with FORTIFY_SOURCE at level 2, which means that the compiler attempts to identify buffer overflow conditions at compile time, but take this with a grain of salt: if compilers could identify all buffer overflow conditions, the world would be a better place.

4. Per-User VPN

On tablets configured to be shared by multiple users, KitKat supports per-user VPN settings. This means that any user can configure and route his/her traffic through a VPN, but the downside is that, from what we see with the AOSP build, VPN settings are only available to the first tablet user, while the other users have to do without a VPN at all.

5. No more rootkits, no more rooting

Another notable change introduced in KitKat is a new kernel feature called device-mapper-verity (dm-verity), an anti-rootkit subsystem that keeps malware from tampering with the verified file system. At the same time, by cryptographically verifying the integrity of the device's file system at a low level, rooting the phone becomes a thing of the past for most devices that ship with a locked-down bootloader. This means that alternative ROMs such as CyanogenMod, Paranoid Android or others will have a hard time getting onto devices other than developer or Nexus ones running stock Android.
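What "verifying the integrity of the file system at a low level" means in practice is a hash tree over the block device: every data block is hashed, the hashes are packed into hash blocks that are hashed again, and so on up to a single root hash that the boot chain trusts; each block is then checked on read. The model below is an added example written for this article, not the Linux dm-verity implementation, and it uses a toy 64-byte block size (the real target uses 4096-byte blocks) so the tree stays small enough to inspect.

```python
import hashlib

# Toy parameters: real dm-verity uses 4096-byte data and hash blocks, but the
# structure (data hashes packed into hash blocks, hashed again up to one root)
# is the same.
BLOCK_SIZE = 64
DIGEST_SIZE = hashlib.sha256().digest_size      # 32 bytes
HASHES_PER_BLOCK = BLOCK_SIZE // DIGEST_SIZE    # 2 hashes fit in one hash block


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _pack(hashes):
    """Concatenate one level's hashes and zero-pad to whole hash blocks."""
    packed = b"".join(hashes)
    return packed + b"\x00" * (-len(packed) % BLOCK_SIZE)


def _split(data: bytes):
    return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]


def build_tree(image: bytes):
    """Build the hash tree for an image whose length is a multiple of BLOCK_SIZE.
    Returns (root_hash, levels): levels[0] has one hash per data block, each
    higher level one hash per hash block of the level below, until one remains."""
    if len(image) % BLOCK_SIZE:
        raise ValueError("image length must be a multiple of the block size")
    level = [_sha256(b) for b in _split(image)]
    levels = [level]
    while len(level) > 1:
        level = [_sha256(b) for b in _split(_pack(level))]
        levels.append(level)
    return level[0], levels


def verify_block(image: bytes, levels, root_hash: bytes, index: int) -> bool:
    """Check data block `index` the way dm-verity does on every read: the block
    must match its leaf hash, every hash block on the path upward must match its
    parent hash, and the top must equal the trusted root. `levels` is untrusted
    (it sits on the same storage as the data and an attacker can rewrite it);
    only root_hash is trusted, e.g. handed over by the verified bootloader."""
    start = index * BLOCK_SIZE
    if _sha256(image[start:start + BLOCK_SIZE]) != levels[0][index]:
        return False
    pos = index
    for lvl in range(len(levels) - 1):
        hb = pos // HASHES_PER_BLOCK                    # which hash block holds pos
        hash_block = _split(_pack(levels[lvl]))[hb]
        if _sha256(hash_block) != levels[lvl + 1][hb]:
            return False
        pos = hb
    return levels[-1][0] == root_hash


if __name__ == "__main__":
    image = bytes(range(256)) * 2                       # constructed 512-byte "partition"
    root, levels = build_tree(image)
    print("levels:", [len(l) for l in levels], "root:", root.hex()[:16])
    tampered = bytearray(image)
    tampered[200] ^= 0xFF                               # flip one byte in block 3
    print("block 3 after tamper:", verify_block(bytes(tampered), levels, root, 3))
```

Two points the press release's one-liner hides: a rootkit that patches a block and also rewrites the on-disk hash tree still fails, because the recomputed tree no longer ends in the trusted root; and since the root hash is what the bootloader vouches for, any modified system image, including a third-party ROM, is indistinguishable from tampering unless the bootloader is unlocked to accept a new root.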