The security folks at Google have been detailing how they intend to harden up Android against attack.
In a blog post, Jeff Vander Stoep of the mobile operating system's security team said that in the next build of the OS, named Nougat, Google is going to be addressing two key areas of the Linux kernel, which resides at the heart of most of the world's smartphones: memory protection and reducing areas available for attack by hackers.
On the memory side, Google wants to segment off sections of memory so that a flaw in one area won't lead to weaknesses in others. Data sections of the kernel are going to be split into read-only and read-write regions, limiting the opportunity for malware to work, while code sections will be readable and executable but not writable.
Google has also taken a leaf from Linux kernel hardening gurus Grsecurity, with a system to remove the ability of the kernel to directly access memory mapped into userspace. This limits an attacker's ability to hijack the kernel and use malicious data and code stored in an application's virtual memory.
Better protections against stack buffer overflows, where an attacker floods the stack with data to crash or hijack software, are also going to be added. A beefed-up implementation of -fstack-protector will be put in, as it already has been in the Chrome operating system.
As for reducing the attack surface, Google is disabling the perf functions for performance measurement by default, since they open up too many opportunities for attack. Coders can still access perf, but only in developer mode, and its ability to function may be limited to either kernel or userspace sections.
Google is also using SELinux to restrict ioctl system calls to a very small whitelist of socket commands. The same system will also be used for GPU ioctl commands.
It is taking the seccomp sandboxing system that has been used by Nexus phones for some time and making it mandatory on all Android phones running Nougat. Google will also be using seccomp as part of its plans to redesign Android's media handling, which has needed a lot of patches to defend.
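One way a defender could check a kernel build for the protections listed above, as an added example that is not code from Google or from this article. The kernel config option names and the perf_event_paranoid threshold of 3 are assumptions drawn from mainline and Android kernels (the article names none of them), and the sample config is constructed.

```python
import re

# Features described in the article, mapped to kernel config options.
# Assumption: option names come from mainline/Android kernels (older name
# first, later rename after it); any one of the alternatives set to "y" passes.
CHECKS = {
    "kernel memory marked read-only / no-execute":
        ["CONFIG_DEBUG_RODATA", "CONFIG_STRICT_KERNEL_RWX"],
    "kernel blocked from direct userspace access":
        ["CONFIG_CPU_SW_DOMAIN_PAN", "CONFIG_ARM64_SW_TTBR0_PAN", "CONFIG_ARM64_PAN"],
    "strong stack protector":
        ["CONFIG_CC_STACKPROTECTOR_STRONG", "CONFIG_STACKPROTECTOR_STRONG"],
    "seccomp filtering available":
        ["CONFIG_SECCOMP_FILTER"],
}

# Constructed sample config, not taken from a real device.
SAMPLE_CONFIG = """\
CONFIG_DEBUG_RODATA=y
# CONFIG_CPU_SW_DOMAIN_PAN is not set
CONFIG_ARM64_SW_TTBR0_PAN=y
CONFIG_CC_STACKPROTECTOR_REGULAR=y
# CONFIG_CC_STACKPROTECTOR_STRONG is not set
CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y
"""

def parse_config(text):
    """Return {option: value} for each 'CONFIG_X=value' line.
    Commented '# CONFIG_X is not set' lines are skipped, so the option is absent."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"^(CONFIG_\w+)=(.*)$", line.strip())
        if m:
            opts[m.group(1)] = m.group(2)
    return opts

def audit(config_text, perf_event_paranoid):
    """Return {feature: bool}. perf_event_paranoid is the integer read from
    /proc/sys/kernel/perf_event_paranoid; level 3 or above (an Android/Debian
    kernel patch, assumed here) closes perf to unprivileged processes."""
    opts = parse_config(config_text)
    result = {name: any(opts.get(o) == "y" for o in alts)
              for name, alts in CHECKS.items()}
    result["perf closed to unprivileged users"] = perf_event_paranoid >= 3
    return result

if __name__ == "__main__":
    for feature, ok in audit(SAMPLE_CONFIG, perf_event_paranoid=1).items():
        print(f"{'PASS' if ok else 'FAIL'}  {feature}")
```

On the constructed sample, the regular (not strong) stack protector and a perf_event_paranoid value of 1 are the two findings reported as failures.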
The changes should lead to better security for Android devices, although these things tend to follow a Red Queen evolutionary process, where better security is matched by cleverer hacking practices. Google said it will also be working with Linux groups on other security strengthening techniques, as well as trying to build better tools for bug hunters.
The timing of the Google announcement is interesting, coming just two days after ailing Canadian competitor BlackBerry announced its own hardened version of Android to be used in the forthcoming DTEK50 handset.
BlackBerry says it too has beefed up the security of its Android kernel, enabled certificate pinning and will use hardware keys to sign the device's firmware, ensuring custom and tampered-with operating systems aren't installed. The new phone will also have an encrypted file system by default and BlackBerry is promising "rapid" security patches – something firms like Motorola and others are being very tardy about rolling out.
In other words, Google's Android defaults in Nougat will match BlackBerry's hyped-up security in the DTEK50. Awkward. ®