Android 4.4's verified boot has device modders worried

November 6, 2013

    One of the new security features in Android 4.4 KitKat is verified boot, which is designed to detect persistent rootkits that hold onto root privileges and compromise a device's security. At the moment the feature is experimental and optional, which means it is unlikely that many manufacturers will use it now; however, it could become popular in the future.

    A rootkit is a clever piece of malware which, because it has root access, can hide itself from the host operating system and can even trick any security software installed, because its system privileges allow it to "lie" to any detection method. One way to check that a device hasn't been infected by a rootkit is to check the integrity of the system files. On a normal Android device apps are installed in the user-space part of the OS, and each app is self-contained and runs in what is known as a sandbox. The app performs unhindered in its own sandbox, but it has no authority to change files in other parts of the system or in the sandbox of another app.

    Clever malware with root privileges can hide from detection programs and otherwise mask itself. The rooting software can do this because it is often more privileged than the detectors, enabling the software to "lie" to the detection programs.

    If an app does manage to get root access (due to a security vulnerability in the underlying OS), then its root access is often temporary: once the device is rebooted the app won't necessarily be running or be in a position to enable its root access again. However, once a rootkit manages to gain root access it attempts to modify the system area of Android so that its root access is persistent.

    To detect these changes to the system area Google has implemented dm-verity, a feature that looks at the individual blocks of data on the Android system partition to see if they are in the expected configuration. It does this using hashes to check that the data hasn't been modified: each block is hashed, the hashes are arranged into a tree, and only the root of that tree needs to be trusted.
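The following is an added example, not code from the article or from Android itself, showing the hash-tree idea behind dm-verity in miniature. It models a small "system partition" as 4 KiB blocks, builds a tree of SHA-256 digests over them (the block size, digest algorithm, fan-out and salt handling are assumptions chosen to resemble dm-verity's defaults, not a copy of the kernel's exact on-disk layout), and then verifies single blocks against a trusted root hash. Two failure modes a defender cares about are shown: a block modified after the tree was built, and an attacker who modifies a block and rebuilds the whole tree, which still fails because the root hash the verifier holds does not match.

```python
import hashlib

# Assumed parameters, chosen to resemble dm-verity defaults (4 KiB blocks,
# SHA-256 digests); they are not read from any real device.
BLOCK_SIZE = 4096
DIGEST_SIZE = 32
FANOUT = BLOCK_SIZE // DIGEST_SIZE  # 128 child digests fill one hash block


def split_blocks(data: bytes) -> list[bytes]:
    """Zero-pad the image to a block boundary and cut it into fixed-size blocks."""
    padded = data + b"\x00" * (-len(data) % BLOCK_SIZE)
    return [padded[i:i + BLOCK_SIZE] for i in range(0, len(padded), BLOCK_SIZE)]


def hash_block(block: bytes, salt: bytes) -> bytes:
    """Salted digest of one block; the salt makes precomputed tables useless."""
    return hashlib.sha256(salt + block).digest()


def build_hash_tree(data: bytes, salt: bytes) -> tuple[bytes, list[list[bytes]]]:
    """Return (root_hash, levels). levels[0] holds the data-block digests,
    each higher level holds digests of FANOUT-sized groups of the level below,
    and levels[-1] is the single root digest."""
    level = [hash_block(b, salt) for b in split_blocks(data)]
    levels = [level]
    while len(level) > 1:
        parents = []
        for i in range(0, len(level), FANOUT):
            group = b"".join(level[i:i + FANOUT])
            group += b"\x00" * (BLOCK_SIZE - len(group))  # pad partial hash block
            parents.append(hash_block(group, salt))
        level = parents
        levels.append(level)
    return level[0], levels


def verify_block(index: int, block: bytes, salt: bytes,
                 levels: list[list[bytes]], trusted_root: bytes) -> bool:
    """Verify one data block the way dm-verity does on a read: recompute its
    digest, then walk up the (untrusted, on-disk) tree comparing each parent
    until the stored root is checked against the trusted root hash."""
    if hash_block(block, salt) != levels[0][index]:
        return False
    idx = index
    for depth in range(len(levels) - 1):
        start = (idx // FANOUT) * FANOUT
        group = b"".join(levels[depth][start:start + FANOUT])
        group += b"\x00" * (BLOCK_SIZE - len(group))
        idx //= FANOUT
        if hash_block(group, salt) != levels[depth + 1][idx]:
            return False
    return levels[-1][0] == trusted_root


def demo() -> dict:
    """Constructed scenario: a 5-block image, one persistent modification."""
    salt = b"constructed-salt"
    image = b"".join(bytes([n]) * BLOCK_SIZE for n in range(5))  # constructed data
    trusted_root, levels = build_hash_tree(image, salt)  # root is what the kernel trusts

    blocks = split_blocks(image)
    clean = all(verify_block(i, b, salt, levels, trusted_root) for i, b in enumerate(blocks))

    # A rootkit persists by patching block 2 in place; the tree on disk is unchanged.
    tampered = bytearray(image)
    tampered[2 * BLOCK_SIZE + 17] ^= 0xFF
    tampered = bytes(tampered)
    tampered_blocks = split_blocks(tampered)
    patched_block_ok = verify_block(2, tampered_blocks[2], salt, levels, trusted_root)
    untouched_block_ok = verify_block(3, tampered_blocks[3], salt, levels, trusted_root)

    # Smarter attacker: also rewrite the whole hash tree to match the patched image.
    _, rebuilt_levels = build_hash_tree(tampered, salt)
    rebuilt_ok = verify_block(2, tampered_blocks[2], salt, rebuilt_levels, trusted_root)

    return {
        "clean_image_verifies": clean,
        "patched_block_verifies": patched_block_ok,
        "untouched_block_verifies": untouched_block_ok,
        "rebuilt_tree_verifies": rebuilt_ok,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point the example makes is that the tree itself can live on the untrusted partition: only the root hash has to be protected (in a real device it is passed to the kernel by a bootloader that has verified it), and any change to a data block, with or without a matching rewrite of the tree, is caught at the moment that block is read.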

    This is all great when it is applied to rootkits, but here is the problem: many of the techniques used by modders to root a device, gain system privileges and install custom ROMs or kernels are very similar to the techniques used by rootkits. Therefore rooting a device with dm-verity enabled becomes a whole lot harder, maybe even impossible.

    End of custom firmware?

    Pulser_G2 has written an article over at xda-developers called "Google Taking Aim at Device Modders in Android 4.4 KitKat." The title is a little inflammatory, as Google aren't specifically targeting modders but rather malware; however, the consequences of Google's actions will affect modders.

    One aspect of the Android ecosystem that appeals to some is its open-source nature and the freedom that open source gives. There are several popular alternative Android ROMs, including CyanogenMod, which recently went commercial and has partnered with Oppo to release a smartphone with CyanogenMod installed by default. These custom firmware builds often rely on the user gaining root access before installing the new ROM. Manufacturers who ship devices with locked bootloaders and with dm-verity enabled will effectively be closing the door on custom firmware installations.

    However, all is not lost. First, there aren't actually any devices yet shipping in this configuration, so it is too early to tell how prominent this will become. Second, since companies like Samsung and HTC are happy to ship "Google Play Editions" of their devices, while others ship Developer editions with unlocked bootloaders, it seems that they aren't closed to the idea of handsets made specifically for those who want to tweak their phones.

    The happiest outcome would be if manufacturers ship handsets with locked bootloaders and with dm-verity enabled for those who want to ensure that their devices aren't infected by rootkits (especially those using their phones for business purposes), while at the same time offering open models for those who want the freedom to load other firmware.

    What do you think, does dm-verity signal the end of custom ROMs?


    Comments

    • mumusen

      Google turning itself into Apple? Not cool.

      • MasterMuffin

        I don’t see it like that, Apple doesn’t want you to mess with their system, Google doesn’t care as long as its users are safe so they can use its services and give them money. And this only makes things harder if you buy from a carrier and accept locked bootloaders, otherwise you can just change the kernel and be done with it. Read the XDA article from source

        • Mayoo

          Apple : Dictator
          Google : Permissive with constraints

          or you can see it like this :

          Apple : Bad parenting
          Google : Good parenting

        • NeedName

          Yeah, till Google decides all modders are harming their ad revenue with adblockers and the like. . .

        • freedomspopular

          Yep, Google doesn’t care what you do with your device…unless it’s a Chromecast…

      • http://forum.xda-developers.com/member.php?u=2926289 Jasonwsc

        I don’t see the issue if your device can be bootloader unlocked, since you will always be able to root it by flashing a custom kernel. However, those buying carrier-branded devices should take note, as this might remove the possibility of root once and for all.

        If you live in the U.S. and want to mod your phone, just get a Nexus. It’s cheap, it’s good and it’s open. Not to mention the constant updates.

    • James Silva

      This is smart… But then for the modders, you should be able to use your own dm-verify command. What I mean is you should have the ability to provide your own hashes that include your proper root modifications.

      • Ivan Myring

        Yes, can anyone verify if this would work?
        Also would there be any way to flash a rooted version of the software (I.e. root de la Vega) and modify from there?

    • adam evans

      Isn't Cyanogen aiming for a way to achieve everything you want without root access? Ending root access would make systems a lot more secure.

      Also, correct me if I'm wrong, but I have never had to root before installing a custom ROM for any of my devices.

      • emanuele_zanetti

        well.. I think this is impossible, you need root access to modify parts of the system (for example, to set the quick settings to act like toggles).

        • adam evans

          In a manufacturer's ROM, yes. But the functionality could be included without permissions; it could be built right into the ROM.

          you need root permissions to edit an existing system. But if the system is built to allow for the flexibility then no permissions are required.

          It's possible, it just requires making more dramatic changes to the AOSP code than before.

        • ger adriaans

          Not really, most custom ROMs are pre-rooted, so flashing the ROM with a custom recovery will be enough to root the device and install busybox.

    • TONY ALDO

      As someone who works in IT this is great. Phones now contain so much sensitive material that any added security would be beneficial. What Google should do is somehow let you do this virtually. Maybe some type of dual-boot virtualized partition. But in any case this could be a good thing.

    • DarxideGarrison

      I've been using CyanogenMod on my rooted Epic 4G and GS3 because I like the hardware combined with the "stock-like" Android experience. However, I've had the Nexus 7 (2013) for a while now and haven't felt the need to root it. I'll probably not root my Nexus 5 on Friday either. But rooting is still a very important part of the Android community and should not be hindered for developers.

    • Troy Leonard

      Honestly, I think it is a great idea. With the ever-accelerating death of BlackBerry, businesses need a secure option; I for one would rather that be Android-based, not iOS. I have no doubt that developer editions will continue to be available and most devices probably won't ship with this enabled. Security is important and it is good that Google is looking to advance security on its platform.

    • Magnetic1

      The only people who seem to hack other people's devices these days already have a backdoor built into the design, because they got the guy who knows the guy. Didn't the PC industry learn their lesson from UEFI? The people who develop custom ROMs are not the enemy.

    • MSmith79

      Google’s not worried because there isn’t any security restriction that could be put in place that would stop modding. Modders will always find a way around it, often within days. It’s smart of Google to tighten the security where they can, and they can do so without worrying that they lose their modding community.

    • hoggleboggle

      I don’t see any reason why this security feature shouldn’t come as standard on every phone providing it gives the user the option to manually override it if they want to mod their device.
