[ bigvlada @ 12.07.2013. 08:54 ] @

Security-Enhanced Android: NSA Edition
By Mark Milian
July 03, 2013

Tech giants listed as part of the National Security Agency’s Prism spying program have gone to some lengths to convince the world they aren’t in bed with the U.S. government. Google (GOOG) has filed a request with the U.S. Foreign Intelligence Surveillance Act court asking permission to disclose more information about the government’s data requests. So there’s a certain irony that NSA programmers are now refining code that Google has approved for the company’s mobile operating system, Android. Google spokeswoman Gina Scigliano confirms that the company has already inserted some of the NSA’s programming in Android OS. “All Android code and contributors are publicly available for review at source.android.com,” Scigliano says, declining to comment further.

Through its open-source Android project, Google has agreed to incorporate code, first developed by the agency in 2011, into future versions of its mobile operating system, which according to market researcher IDC runs on three-quarters of the smartphones shipped globally in the first quarter. NSA officials say their code, known as Security Enhancements for Android, isolates apps to prevent hackers and marketers from gaining access to personal or corporate data stored on a device. Eventually all new phones, tablets, televisions, cars, and other devices that rely on Android will include NSA code, agency spokeswoman Vanee’ Vines said in an e-mailed statement. NSA researcher Stephen Smalley, who works on the program, says, “Our goal is to raise the bar in the security of commodity mobile devices.”

http://www.businessweek.com/ar...d-android-nsa-edition#r=nav-fs
[ Ivan Dimkovic @ 12.07.2013. 09:02 ] @
However funny it may sound to some, the NSA has an interest in secure platforms, since they need things that are secure enough for their own use. That is an inescapable fact, since the Chinese, Russian, Iranian, and even Israeli or French NSA equivalents are surely working hard every day on spying on the USA.

What people often miss is that the NSA, besides spying on others, is also responsible for the data security of all US government agencies, i.e. preventing spying on the US government. That is exactly why they work on projects such as additional security layers for commodity OSes like Android.

US government agencies surely generate millions of confidential documents and hundreds of thousands of highly confidential documents every year. That data sits on a pile of devices (from special custom-designed devices all the way to widely available mobile and PC devices) all over the globe. Providing even some degree of security for that data is a very hard task, and it is questionable whether it can be achieved at all.

And precisely because of that job, the NSA also prescribes publicly available cryptographic algorithms for all US "top secret" material, since in practice it is safer to use public algorithms that are constantly checked by the entire cryptographic expert community than some proprietary algorithms that may suffer from flaws which will go unnoticed simply because the algorithms themselves are secret.

That does not mean anyone should accept NSA patches blindly, but with a positive peer review of the code there is nothing especially strange in this whole story, because the NSA is also paid to ensure that the platforms used by employees of US government institutions are safe from espionage.
[ Nedeljko @ 12.07.2013. 15:17 ] @
+1
[ EArthquake @ 14.07.2013. 13:28 ] @
Yes, and it is not even the first time they have worked on developing open source security mechanisms.
For example, SELinux, which brings advanced access control, also originated at the NSA.