Linux Vendor Strengthens Smartphone Security
The new code, called the Mobile Security Engine, uses 128-bit AES encryption and digital certificates to protect the operating system itself from being tampered with, as well as all files on the handset. It also creates a protected space, called a sandbox, where applications that lack digital signatures are stored and given only restricted access to a subset of the phone's features and resources.
A la Mobile was founded in June 2005 with a bold ambition: to develop its Convergent Linux Platform (CLP) aimed at smartphone manufacturers, as a Linux alternative to Microsoft Windows Mobile, the Symbian operating system and PalmOS. The goal was to take a Linux kernel distribution and build around all the features needed in a full-blown operating system, according to Pauline Alker, co-founder and CEO of a la Mobile, based in San Ramon, Calif. The company is funded by Venrock Ventures, based in Menlo Park, Calif.
Linux for mobile devices has plenty of fans, including Palm, which has said it will introduce a version of PalmOS running over a Linux kernel by the end of 2007. Late in 2006, electronics maker First International Corp. unveiled a smartphone running an open Linux-based mobile software platform developed by one of its own product managers.
The security component is intended to bulletproof smartphones running the CLP software by blocking ways of hacking into the phone, says Dirk Sigurdson, the company's senior engineer and author of the new code. Smartphones can be hacked by using software to read the phone's flash chip, or by introducing a malware program onto the phone, or with a device known as a "flash [memory] probe," Sigurdson says.
The new security engine becomes part of the CLP stack and runs on the smartphone's processor. One element is the secure boot loader, which verifies the authenticity of the boot loader using digital signatures and certificates before the initial boot code is loaded. The engine also authenticates the kernel before the boot loader hands control to it. "We prevent software-based attacks by making sure no one can replace our kernel with an unsigned kernel," Sigurdson says.
The engine also creates an encrypted file system, so that all data stored on the device is encrypted. A third element digitally signs all applications that are embedded as part of the operating system stack. A certificate containing a public key is appended to the end of the application's executable file, along with the digital signature. When the application is loaded on the handset, the engine verifies the application's certificate first, then the digital signature. Only then can the application actually run.
If the user loads an unsigned application, and runs it, the security engine restricts it to the sandbox, a separate 'container' that can access some but not all of the handset's resources. For example, an unsigned application might be blocked from making a phone call or from changing any of the phone's device settings, says Sigurdson.
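The load-time check described above can be illustrated with a small Go program. This is an added example, not a la Mobile's code: it assumes Ed25519 keys, models the "certificate" minimally as the vendor root key's signature over the application's public key (rather than a real X.509 certificate), and uses a constructed trailer layout appended to the executable. The engine's order of checks is kept: certificate first, then the signature over the executable body, and anything that fails either check is run under the restricted sandbox policy instead of being trusted.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Constructed trailer layout appended to the executable (an assumption for this
// example, not the CLP on-disk format):
//   [app body][app public key 32][certificate sig 64][app sig 64][magic "ALMS"]
const magic = "ALMS"
const trailerLen = ed25519.PublicKeySize + 2*ed25519.SignatureSize + len(magic)

// Policy is the access level the engine assigns to a loaded application.
type Policy int

const (
	Sandboxed Policy = iota // unsigned or failed verification: restricted resources
	Trusted                 // signed by a key the vendor root has certified
)

func (p Policy) String() string {
	if p == Trusted {
		return "trusted"
	}
	return "sandboxed"
}

// SignApp appends the certificate and signature trailer to an executable body.
// The "certificate" is the root key vouching for the application's public key.
func SignApp(body []byte, rootPriv, appPriv ed25519.PrivateKey) []byte {
	appPub := appPriv.Public().(ed25519.PublicKey)
	certSig := ed25519.Sign(rootPriv, appPub) // root certifies the app key
	appSig := ed25519.Sign(appPriv, body)     // app key signs the executable body
	out := append([]byte{}, body...)
	out = append(out, appPub...)
	out = append(out, certSig...)
	out = append(out, appSig...)
	out = append(out, magic...)
	return out
}

// VerifyApp decides the policy for an image using the root public key baked
// into the device. It returns the policy and a short reason for the decision.
func VerifyApp(image []byte, rootPub ed25519.PublicKey) (Policy, string) {
	if len(image) < trailerLen || !bytes.HasSuffix(image, []byte(magic)) {
		return Sandboxed, "no signature trailer: unsigned application"
	}
	body := image[:len(image)-trailerLen]
	t := image[len(image)-trailerLen : len(image)-len(magic)]
	appPub := ed25519.PublicKey(t[:ed25519.PublicKeySize])
	certSig := t[ed25519.PublicKeySize : ed25519.PublicKeySize+ed25519.SignatureSize]
	appSig := t[ed25519.PublicKeySize+ed25519.SignatureSize:]
	// Step 1: the certificate must chain to the trusted root.
	if !ed25519.Verify(rootPub, appPub, certSig) {
		return Sandboxed, "certificate not issued by the trusted root"
	}
	// Step 2: the executable body must match the signature under the certified key.
	if !ed25519.Verify(appPub, body, appSig) {
		return Sandboxed, "executable signature mismatch (tampered or re-signed)"
	}
	return Trusted, "certificate and signature verified"
}

// Allowed applies the sandbox policy to a requested phone feature. Sandboxed
// applications are blocked from the two actions named in the article.
func Allowed(p Policy, action string) bool {
	if p == Trusted {
		return true
	}
	switch action {
	case "place_call", "change_settings":
		return false
	}
	return true
}

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, appPriv, _ := ed25519.GenerateKey(rand.Reader)
	body := []byte("constructed sample executable body") // constructed input
	signed := SignApp(body, rootPriv, appPriv)
	for _, img := range [][]byte{signed, body} {
		pol, why := VerifyApp(img, rootPub)
		fmt.Printf("%-9s place_call=%v reason=%s\n", pol, Allowed(pol, "place_call"), why)
	}
}
```

Two failure modes worth noting: an image that is re-signed with a key the root never certified fails at the certificate step, and an image whose body is modified after signing fails at the signature step; both fall back to the sandbox rather than being rejected outright, which matches the page's description of unsigned applications still running with restricted access.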
The last element of the security engine verifies that wirelessly delivered updates to the boot loader, the kernel, or applications are digitally signed and checked before the updates are applied.
All of these features are invisible to the user. CEO Pauline Alker says a la Mobile is the first platform vendor to offer this degree of security on a mobile Linux operating system.
The new security engine for a la Mobile's Convergent Linux Platform is available now, as a standard part of the software stack.