MokSec - The Security Framework
moko at kobran.org
Tue Aug 19 20:58:54 CEST 2008
Apologies for the tardiness of this post.
On Mon, 2008-07-14 at 10:57 -0400, Crane, Matthew wrote:
> I would think on a phone the primary concern is protecting the user
> E.g. sms, contacts, history.
> If somebody was able to malicously install software on the phone, your
> pretty much already $%@#'ed. Not letting it call out helps, but it's
> already defeated. I'm assuming we're not installing a lot of new
> unknowns on a secure device, and anything trying to make network
> connections is evol.
You're forgetting a large attack vector: social engineering. It doesn't
require someone being able to maliciously install something for it to
get on your system, especially once Moko repositories start to flourish
and organizations setup their own for specific apps/purposes.
Additionally, having used several mobile phones (Smart and otherwise)
often it is helpful to be able to decide what abilities a piece of
downloaded software will have (e.g. a game doesn't need to look at my
You're also assuming that it's a "secure device" and that the owner will
know how to keep it that way. From experience, I can tell you that as
soon as non-geeks get a hold of this phone (Presumably sometime this
fall) device security will go out the window.
> I've been picturing running an encrypted rootfs image off an SD card.
> There could be multiple encrypted rootfs images, only one would be the
> real one, or they all could be used for different reasons.
Not a bad idea. I had to do something similar with my Zaurus 5500
several years ago because 14M of storage is not enough. However with the
FreeRunner, I do actually want to keep my rootfs on the rootfs and use
the card(s) for different data sets.
> Once the system boots it's up to the user to unlock the keys to the
> encrypted image to be used and that gets booted from the already running
Then what happens if you leave the system in sleep mode and accidentally
leave it somewhere and it "wanders off"? You've unlocked the rootfs
already, so as long as the attacker doesn't reboot the phone, they've
More information about the community