Android Hardening: Difference between revisions

From Bibliotheca Anonoma
(Created page with "== Before you start == The first step is to understand what sort of targeted threats you might face, before you figure out what kinds of vulnerabilities to patch. These are q...")
 
Line 4: Line 4:


* '''Are you trying to generate encryption keys or secure large amounts of cryptocurrency?''' - Securing cryptocurrency and (to a lesser extent) GPG/SSH or other private keys is the most important legitimate use case that demands the utmost paranoia. You are your own bank and security guard in this case: however, there are ways to do this with the utmost security.
* '''Are you trying to generate encryption keys or secure large amounts of cryptocurrency?''' - Securing cryptocurrency and (to a lesser extent) GPG/SSH or other private keys is the most important legitimate use case that demands the utmost paranoia. You are your own bank and security guard in this case: however, there are ways to do this with the utmost security.
** Use hardware smart card systems to store your private keys and cryptocurrency. With these, just like a phone SIM card, the private keys never exit the card, so no private key exists on the computer to steal. Input comes in, encrypted output goes out. For cryptocurrency, the Trezor and Ledger work as cryptocurrency wallets on the same principle: especially look for wallets with hardware buttons that you can press for confirmation.
** Use hardware smart card systems to store your private keys and cryptocurrency (Yubikey, OpenPGP Card, Fidesmo). With these, just like a phone SIM card, the private keys never exit the card, so no private key exists on the computer to steal. Input comes in, encrypted output goes out. For cryptocurrency, the Trezor and Ledger work as cryptocurrency wallets on the same principle: especially look for wallets with hardware buttons that you can press for confirmation.
** Make sure while you are generating keys, do not connect to the internet and do not have the swap partition active. You best bet is to use a minimal liveCD/liveUSB system that runs only in RAM, such as Lubuntu or Ledger's airgapped key generator.
** Make sure while you are generating keys, do not connect to the internet and do not have the swap partition active. You best bet is to use a minimal liveCD/liveUSB system that runs only in RAM, such as Lubuntu or Ledger's airgapped key generator.
** The way random numbers are generated is also important. Pseudorandom numbers could possibly have mathematical backdoors involved which could make encryption ineffective from the actor who discovers such exploits. Thus, ensure that your random number generator is not encumbered with such security problems, by getting randomness from dice, mouse movement, or environmental detectors (radiation is most useful).
* '''Are you under direct threat from foreign governments or foreign actors?''' - Get assistance and support from your country of citizenship immediately, and if possible, use devices that they trust with security clearance. Even Windows and other proprietary systems may sometimes be acceptable in this case, since direct clients get direct input into the source code. If no support is given, follow the next step instead.   
* '''Are you under direct threat from foreign governments or foreign actors?''' - Get assistance and support from your country of citizenship immediately, and if possible, use devices that they trust with security clearance. Even Windows and other proprietary systems may sometimes be acceptable in this case, since direct clients get direct input into the source code. If no support is given, follow the next step instead.   
* '''Are you under direct threat from your own government or people in power?''' Avoid all electronics as much as possible. Watch out for any cameras or microphones nearby. Especially do not use a smartphone or even a cellphone with a baseband, since these can be exploited to read the data on your phone.
* '''Are you under direct threat from your own government or people in power?''' Avoid all electronics as much as possible. Watch out for any cameras or microphones nearby. Especially do not use a smartphone or even a cellphone with a baseband, since these can be exploited to read the data on your phone.
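Review bot: the added random-number bullet names dice, mouse movement and environmental detectors as entropy sources, but it does not say how much input a key needs or how that input reaches the key generator; a sentence or link covering that would make the advice actionable. In the same bullet, "ineffective from the actor" should read "ineffective against the actor", and the neighbouring key-generation bullet still opens "You best bet", which should be "Your best bet".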

Revision as of 19:37, 3 October 2017

Before you start

The first step is to understand what sort of targeted threats you might face, before you figure out what kinds of vulnerabilities to patch. These are questions that can help narrow down what you need.

  • Are you trying to generate encryption keys or secure large amounts of cryptocurrency? - Securing cryptocurrency and (to a lesser extent) GPG/SSH or other private keys is the most important legitimate use case that demands the utmost paranoia. You are your own bank and security guard in this case; however, there are ways to do this with the utmost security.
    • Use hardware smart card systems to store your private keys and cryptocurrency (YubiKey, OpenPGP Card, Fidesmo). With these, just like a phone SIM card, the private keys never exit the card, so no private key exists on the computer to steal. Input comes in, encrypted output goes out. For cryptocurrency, the Trezor and Ledger work as cryptocurrency wallets on the same principle: especially look for wallets with hardware buttons that you can press for confirmation.
    • While you are generating keys, do not connect to the internet and do not have the swap partition active. Your best bet is to use a minimal liveCD/liveUSB system that runs only in RAM, such as Lubuntu or Ledger's airgapped key generator.
    • The way random numbers are generated is also important. Pseudorandom number generators could possibly have mathematical backdoors, which could make encryption ineffective against the actor who discovers such exploits. Thus, ensure that your random number generator is not encumbered with such security problems by getting randomness from dice, mouse movement, or environmental detectors (radiation is most useful).
  • Are you under direct threat from foreign governments or foreign actors? - Get assistance and support from your country of citizenship immediately, and if possible, use devices that they trust with security clearance. Even Windows and other proprietary systems may sometimes be acceptable in this case, since direct clients get direct input into the source code. If no support is given, follow the next step instead.
  • Are you under direct threat from your own government or people in power? - Avoid all electronics as much as possible. Watch out for any cameras or microphones nearby. In particular, do not use a smartphone or even a cellphone with a baseband, since these can be exploited to read the data on your phone.
    • Your best bet is to get a ThinkPad X60 (super cheap on eBay), software flash it to Libreboot, and use Tails or Trisquel to communicate only over onion networks like Tor or I2P.
  • Are you in China? - Buy an iPhone (64-bit, 5 or newer, still updated by Apple), since it has the most compatibility while also providing the most privacy options relevant to protecting a Chinese citizen/resident, for example over all uses of the microphone, location, and other permissions of privacy importance. Apple consistently refuses to provide its own government access to backdoors, and it would not be allowed by US agencies to directly provide it to China of all countries (though you should still be wary of zero-day exploits). Many Chinese apps, such as WeChat, demand all permissions or stop functioning; in that case you might as well not use them.
    • Signal Private Messenger works fine to and from China.
    • Avoid any Chinese-designed Androids entirely. They often come built in with invasive apps, some of which may have backdoors for the government.
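
The key-generation advice above (no network, no active swap, randomness from dice) can be checked and applied with a short script. This is an added example, not part of the original wiki page; the function names are hypothetical, it assumes a Linux live system with `/proc` mounted, and it assumes a fair six-sided die. Because faces 5 and 6 are discarded, expect about 192 rolls for a 256-bit key.

```python
def read(path):
    """Return a file's text, or '' if it cannot be read (e.g. not Linux)."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return ""

def active_swap(proc_swaps):
    """Swap devices listed in the text of /proc/swaps (header line skipped)."""
    return [ln.split()[0] for ln in proc_swaps.splitlines()[1:] if ln.strip()]

def has_default_route(proc_net_route):
    """True if /proc/net/route text holds an IPv4 default route (00000000)."""
    rows = [ln.split() for ln in proc_net_route.splitlines()[1:]]
    return any(len(r) > 1 and r[1] == "00000000" for r in rows)

def dice_to_key(rolls, nbits=256):
    """Turn d6 rolls (a string of digits 1-6) into nbits of key material.

    Rejection sampling: faces 1-4 map to the bit pairs 00, 01, 10, 11 and
    faces 5-6 are thrown away, so each kept roll yields two uniform bits
    without any hash or pseudorandom generator in the path.
    """
    if nbits % 8 or any(c not in "123456" for c in rolls):
        raise ValueError("nbits must be a multiple of 8; rolls must be digits 1-6")
    kept = [int(c) - 1 for c in rolls if c in "1234"]
    need = nbits // 2
    if len(kept) < need:
        raise ValueError(f"need {need} rolls showing 1-4, got {len(kept)}")
    value = 0
    for pair in kept[:need]:
        value = (value << 2) | pair
    return value.to_bytes(nbits // 8, "big")

if __name__ == "__main__":
    swaps = active_swap(read("/proc/swaps"))
    online = has_default_route(read("/proc/net/route"))
    print("active swap:", swaps or "none")
    print("default route present:", online)
    if swaps or online:
        raise SystemExit("refusing to continue: disable swap and networking first")
    # Constructed sample rolls for a 16-bit demo; type in real rolls for a real key.
    print("demo key:", dice_to_key("152634561234", nbits=16).hex())
```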