Security features

From Omni
Jump to: navigation, search


Make physical attacks more difficult Reboot device when on lockscreen, if unknown ADB host key is presented. This will make it more necessary for an attacker to reboot the device. This locks the device using device encryption (anyone who cares about physical attacks should be using device encryption already!) and

Separate encryption and lockscreen passwords/PINs This patch removes the link between lockscreen and device encryption passwords and PINs. Changing the lockscreen PIN/password will not adjust the encryption one. Likewise, a new option is added to permit changing the encryption password (when a device is encrypted), without changing the lockscreen password. and



Option to disable front and or rear camera due to the risk of mallware/bad apps hijacking the camera.

Implementing xprivacy as part of the rom Its on Pulser's list.

ARP Monitoring Detect and block wifi when a arspoof is detected, to prevent MITM.

Changing hostname Currently the hostname is the same as the phone name, this reveals a bit of information. A option should be added to change the hostname.

Chrooting the webbrowser Webbrowsers are a big attack platform, the webbrowser should be chrooted.

Spoofing identifying bits of the webbrowser A incognito mode should be included in the webbrowser. Also the useragent, font cache, plugins, screen resolution, cookies and other data should be spoofed to prevent browser fingerprinting.

Rebuild the contact system Build a safe contact system that uses vcards with pgp keys, these vcards can only be exchanged trough NFC or QR codes. These PGP keys can later be used for secure chatting/emailing.

Adjust the wifi drivers currently wifi drivers broadcast all known accespoints, therefore making it possible to determen where a person have been just by observing his wifi traffic. The wifi system should wait for a ssid to apear that is known to the system and then authenticate with it instead of broadcasting on best efford.

Adjust the DNS servers In a attempt to reduce the metadata, dns servers should be set to opendns and DNScrypt should be activated.

HTTPS everywhere mechanism In a attempt to reduce datasurvailance, a mechanism should be implemented that checks if a https version of a adress is available. such a project already exists for webbrowsers: link.

Per interface firewall Make a firewall with a solid gui that allows blocking apps internet acces per interface, with a option to black/whitelist applications. Option to drop ICMP (only related, established) and maybe portscan detection.

Disable google's phone home include a option to disable google's phone home traffic.

Duress PIN A duress PIN should permit the user to either wipe the volume encryption keys (i.e. erase the header), or use an alternative "user profile" to demonstrate the phone is operational. Optionally, another PIN may be available, which will trigger a message to be sent to a user-specified location, then reboot and restore the phone to a pre-saved configuration on the device (i.e. copying a filesystem image to /cache, and flashing that over the /data partition in recovery). Keys should be wiped during this process.

Protection against cold boot attacks Include protection against old boot attacks by not storing the dm_crypt encryption key in RAM. For example with ARMORED:

Enabling diceword-style passphrases The AOSP keyboard currently doesn't allow swiping in password dialogs, which is hindering the use of very secure but easy-to-remember diceware passphrases consisting of 6+ short random words from a list of 7776. Proposal: Enable swiping in textPassword fields with the AOSP keyboard, using the most likely word, showing it for 1 second or two. If backspace is hit, the whole last word should be deleted.