← Back to team overview

ubuntu-phone team mailing list archive

Re: Is ubuntu phone resistant to vault 7 attacks?

 

Hello,

There seems to be a great opportunity to obtain a higher level of security
with Ubuntu Touch than with Android.

After reading through this thread i understand that no firewall is needed
since ports are exposed at this time. Is this a design decision? if so, how
will future applications work in case they might need to open ports ? Since
there is no firewall does it mean that an app can start listening to a port
at any moment?

I also understand that the userspace in Ubuntu is simpler to see what is
going on inside, however i don't understand how this makes it more secure
than Android.

Is there any existing work in Ubuntu Touch related to hardening the kernel
or userspace? I have seen here:
https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement

that AppArmor is used for application sandboxing. Is this the current
method applied in Ubuntu Touch ?

Is there any page where one can find a comparative of Ubuntu touch and
Android from a security perspective? Clarifying the situation will give
everyone more confidence.

Kind Regards,
Ermis

On Fri, Mar 10, 2017 at 5:13 AM, Unix One <unix1@xxxxxxxx> wrote:

> On 03/09/2017 11:53 AM, Rodney Dawes wrote:
> > You used the SDK or phablet-shell tool to connect to the device over
> > ssh, which enabled it. It is not enabled by default on phones, even
> > when developer mode gets enabled. It also only accepts key based login,
> > and a unique key is generated for this when you use the SDK or phablet-
> > shell command to connect over ssh.
>
> Aha! Yes - I did indeed use the SDK for development. That makes sense.
>
> > Really, it should be only bound on "local" interfaces, and not the
> > cellular modem connection.
>
> +1, and maybe additionally - if SDK/IDE turns it on when it needs it, it
> should also turn it off when it's done.
>
> > Yes, you would need to disable ssh with android-gadget-service, to
> > disable it.
>
> Thanks for the tip!
> --
> Mailing list: https://launchpad.net/~ubuntu-phone
> Post to     : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ubuntu-phone
> More help   : https://help.launchpad.net/ListHelp
>

References