The Dumber Android Is, the Better, Say Experts
ZDOne writes "ZDNet UK is reporting that it will not be known until the Android software development kit comes out on Monday whether the Gphone will be strictly Java-based, but security experts claim that the less smart a phone is, the less vulnerable it is. Android developers should stick to a semi-smartphone platform because the Java sandbox can protect against the normal kinds of attacks, experts claim. The article also discusses some of the pros and cons of open vs. closed source security. 'The debate about the relative security merits of open-source as opposed to proprietary software development has been a very long-running one. Open-source software development has the advantage of many pairs of eyes scrutinizing the code, meaning irregularities can be spotted and ironed out, while updates to plug vulnerabilities can be written and pushed out very quickly. However, one of the disadvantages of open-source development is that anyone can scrutinize the source code to find vulnerabilities and write exploits. The source code in proprietary software, on the other hand, can't be directly viewed, meaning vulnerabilities need to be found through reverse engineering.'"
I think you've come to the wrong conclusion. (Score:5, Informative)
She's not dumb, she's smart.
Second: Simple systems are more likely to be secure than more complex systems in general as they are less prone to component failure.
The Java sandbox is an extremely complex system, with trusted and untrusted code running in the same address space calling the same libraries, with the security managed by code that's also using the same libraries and running in the same address space. I am honestly amazed that it's worked as well as it has.
The multiuser protection in UNIX is an extremely simple system, with untrusted code running in separate address spaces and, traditionally, with the ability to run security applications using no shared libraries at all. It's also proven extremely effective, and it has the advantage that even if flawed code is run those flaws do not automatically provide an escape route from the whole sandbox the way flaws in libraries called from Java do.
This is not to say that the Java sandbox isn't a useful tool, but rather to say that when analyzing the security of the system as a whole the fact that an application is written in Java should not be given the kind of importance that it seems to be getting here.
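The separate-address-space point made in the comment above, as an added example that is not part of the original comment: a parent runs a deliberately flawed handler in a forked child, and neither the child's tampering nor its crash reaches the parent. The names `trusted_state`, `untrusted_handler` and `run_isolated` are hypothetical, and `abort()` stands in for a real memory-safety bug.

```c
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Parent-side state the untrusted code must not be able to alter. */
static int trusted_state = 42;

/* Hypothetical flawed handler: tampers with state, crashes on "crash". */
static int untrusted_handler(const char *input)
{
    trusted_state = 0;              /* only changes the child's copy */
    if (strcmp(input, "crash") == 0)
        abort();                    /* stands in for a memory-safety bug */
    return 0;
}

/* Run fn(input) in a forked child. Returns the child's exit code (>= 0),
 * -signal if a signal killed it, or -1000 on fork/wait failure. */
static int run_isolated(int (*fn)(const char *), const char *input)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1000;
    if (pid == 0) {
        /* Child: cap CPU time and forbid core dumps before running fn. */
        struct rlimit cpu = { 2, 2 }, core = { 0, 0 };
        setrlimit(RLIMIT_CPU, &cpu);
        setrlimit(RLIMIT_CORE, &core);
        _exit(fn(input) & 0xff);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1000;
    if (WIFSIGNALED(status))
        return -WTERMSIG(status);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1000;
}

int main(void)
{
    int ok = run_isolated(untrusted_handler, "hello");
    int bad = run_isolated(untrusted_handler, "crash");
    /* Parent survives both runs with its own state untouched. */
    return (ok == 0 && bad < 0 && trusted_state == 42) ? 0 : 1;
}
```

In a Java-style in-process sandbox the equivalent handler would share the heap with the code enforcing the policy, so the same write would land in live state.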
Re:The most secure phone ever! (Score:5, Informative)
But the Western Electric 500s were hackable! Some of them had no dials; businesses used the dial-less phones for where they wanted a low-level employee, like the teenaged me at the ticket booth at the drive-in theater, to be able to answer them but not make outgoing calls.
You could, however, "dial" them by repeatedly hitting the hangup buttons. So I was hacking your "unhackable" phone when I was 16. Actually I was cracking, not hacking; I was hacking when I made guitar fuzzboxes out of $10 transistor radios and sold them for $50 each to other teenaged guitar players.
-mcgrew
PS- I've almost forgotten this, but in the Metro East St Louis area you could dial Bridge 1300 and a spooky noise came out of the phone. The other kids said it was a ghost; I never had the heart to educate them about the reality.
Re:Open is better (Score:4, Informative)
The debate about the relative security merits of open-source as opposed to proprietary software development has been a very long-running one
Indeed. The principle of open security was first proposed by Auguste Kerckhoffs in 1883.
Any time security depends on the secrecy of some mechanism, that security is perpetually at risk. All these millions of instances of the same vulnerable mechanism, no way to tell in general whether their security has been broken, and -- as you point out -- a certainty that the vulnerable secret cannot be contained.
In what way exactly does this remain a matter of debate?
Reverse engineering not required (Score:5, Informative)
This is so wrong it isn't funny. I need know NOTHING about the internals of a program to exploit it - I only need to find a set of inputs that make it crash in interesting ways. Buffer overflows can be trivially used to redirect a running program to jump to a stack frame supplied as part of the crafted inputs. There are other ways to play the game against binaries without reverse engineering.
Cheers,
Toby Haynes
Re:The most secure phone ever! (Score:0, Informative)
Actually, you were doing an early version of phreaking [wikipedia.org].