On Jun 11, 2013, at 9:13 PM, Jonas Sicking wrote:
> On Mon, Jun 10, 2013 at 11:09 PM, Paul Theriault <[email protected]>
> wrote:
>> I've started a risk assessment here:
>> https://wiki.mozilla.org/Security/Reviews/AppsOnSDcard
>> I'll keep it updated as the discussion continues.
>>
>> On Jun 11, 2013, at 8:26 AM, Anthony Jones wrote:
>>
>>> On Mon, Jun 10, 2013 at 9:23 AM, Mike Habicher <[email protected]> wrote:
>>>> On 13-06-10 12:18 PM, Jonas Sicking wrote:
>>>> I think someone else has already mentioned that since USB mass storage mode
>>>> mounts the SD card as a block device, there's no security we can provide to
>>>> the contents of the SD card when the phone is plugged into a PC with USBMS
>>>> enabled.
>>>
>>> Using a loopback device would allow us to use directory permissions. If
>>> we want the data to be non-transferable then we encrypt it and store the
>>> key on the main flash. Storing the encryption key in the network (or the
>>> SIM) would make it transferable.
>>
>> In such a manner that you don't have to just steal both the sdcard & the SIM
>> I assume.
>>
>> Encryption is the only effective control against just reading data off
>> the sdcard directly in another machine, so I think we either need to encrypt
>> the data, or somehow guarantee that sensitive data isn't stored on the
>> sdcard. It would be nice to have encryption support though anyways for
>> improving the protection of all data no matter where it is stored (see the
>> recent discussion around the Gaia credential manager).
>
> Can you explain exactly the type of attack that you're wanting to
> protect against?
Physical access to the phone, either a short period of access ('evil maid') or
the lost device case. I.e., someone has physical access to my phone for a short
period of time, i.e. long enough to remove and copy the contents of the sdcard
by removing it, copying its contents and replacing it without me noticing. In
the lost device case, currently extracting data is at least limited by a PIN
code and adb restrictions (i.e. there is no trivial way to read information on
/data). Data on an sdcard is much more easily accessible.
>
> / Jonas