Mohit Arora, Sr. Systems Engineer and Security Architect, Freescale Semiconductor
EETimes (8/31/2012 5:05 PM EDT)
[Part 1 covers the general Android architecture, including a look at the basic Android platform and the associated framework, as well as commonly used terminology like "rooting" and "flashing." Part 2 takes a deep dive into what really happens at the hardware level during an unlock operation, and tricks that hackers use to fool or bypass bootloaders and install custom ROMs. Part 3 covers various flavors of bootloaders that are offered by the manufacturer to provide levels of protection/security and the way some of them get compromised.]
This is the fourth and final article in a series. The first three articles focused on the hardware and software aspects of the Android/open system and its associated components, and on how hackers bypass security mechanisms to unlock phones and defeat security mechanisms to gain root access and install a custom ROM that customizes a phone to suit their needs.
Due to the open nature of the Android OS, manufacturers will always be under pressure to provide a mechanism that allows Android developers to install custom ROMs, which is one of the main attractions for many developers adopting Android. That pressure, in turn, will always keep a check on the security measures that are deployed: manufacturers aim for the best of both worlds (enough security to protect the consumers who will never customize their phones, plus the capability to unlock and load a custom ROM for developers who want to customize theirs) rather than doing everything that could have been done to strengthen security and avoid manipulation.
Let's now apply the security solutions described earlier in this series to embedded products other than mobile phones, which do not have this manufacturer dilemma and are mainly concerned with providing reasonable security.