1 Hellaphone: Replacing the Java in Android
Sandia National Labs
July 2012
Collaborators: Joshua Landgraf, Joel Armstrong
Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy's National Nuclear Security Administration under contract DE-AC03-94AL SAND C.

2 Biography
- Computer engineer by training (RIT)
- Been interested in operating systems since high school
- Work for Sandia National Labs, California
  - High performance computing
  - Mobile security
- I like open source and Sandia is down with that
- Goal: open up as much of my work as possible

3 Totally ruling the world
- A computer in my pocket? Awesome!
- It can make phone calls too?
- Smartphones
- Nifty sensors: camera, GPS, accelerometer
- Read , browse the web, take pictures, get driving directions, play games
- Manage your passwords, 2 factor auth, Google Wallet

4 Why smartphones kinda suck
- Blackberry, iPhone, Windows: all closed-source
- RIM will decrypt your messages for the government
- iPhone
  - Tracks your movements
  - DoS attack via SMS
- Windows
  - Nobody has one!
  - DoS'd via SMS
- CarrierIQ

5 But Android is still cool, right?
- Linux-based
- Open-source
- Tons of devices (phones, tablets, laptops)
- Write your own applications: no developer fees, no market fees!
- You can hack the OS if you want
- Big community of developers and OS hackers

6 Android kinda sucks too
- I have to program in WHAT?
- Vendors have no incentive to update the OS
- How much do you trust Joe Random's ICS ROM?
- Security ain't so hot
  - DEF CON 19: fake OTA updates
  - CarrierIQ
  - Malicious apps
- About 15 million lines of code, not including Linux
- Not very documented: hope you like digging!
- 1.2 GHz processor, 512 MB of RAM, runs like a dog

7 Android as a Linux platform
- Android is unattractive for hacking, sure
- Really just a thick layer of Java spread on top of a thin Linux cracker
- Mostly standard Linux underneath
- Comes with a little busybox environment
- CyanogenMod ships a rather nice environment with bash etc.
- Let's scrape away the Java and build on Linux
- Bonus: we'll get tons of compatible hardware with all the drivers already written

8 Inferno
- Open-source operating system from Bell Labs, now owned by Vita Nuova
- Implements the Dis virtual machine
- Runs natively or hosted on Linux/Windows/OS X/Plan 9
- Inspired by Plan 9
- Compiles fast, launches fast
- Runs in a few megabytes
- About 1 million LOC total
  - This includes the applications and code for native booting (which we don't use)
- Why not run it on top of Android's Linux?
  - We get all the hardware drivers (binary blobs, yay!)
  - Makes updating easy: no flashing ROMs

9 Android - Java = Linux
- The first thing we do, let's kill all the Java
- Every Java process spawns from "zygote"
- Eliminate it from /init.rc
- But / is reset every boot!
  - You can build your own custom ROM
  - Or use our script to grab the running boot image, modify it, and reflash

10 Android + Inferno = Hellaphone
- Adapt Inferno to build for Android
  - Use AGCC script to build with Android compilers and libs
  - Most of the Linux code is suitable
  - Some tweaks were needed in bits of assembly or C
- Had to create support for various bits of hardware
  - Framebuffer adapted from OLPC code
  - Mouse code to parse touchscreen inputs
  - Convert /dev/input events to text and make it available
- Hack the window manager to make it suitable for a phone
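
The init.rc edit from this slide, as an added example (not the Hellaphone project's own script): an awk filter that drops the zygote service stanza and any "onrestart restart zygote" lines left in other services. The sample init.rc is constructed for illustration, and the function names strip_zygote and sample_init_rc are assumptions.

```shell
#!/bin/sh
# Added example: remove the zygote service from Android init.rc text.
# Reads init.rc on stdin, writes the edited file to stdout:
#   strip_zygote < init.rc > init.rc.new

strip_zygote() {
    awk '
        # A "service <name> <path> ..." line at column 0 opens a stanza;
        # skip the whole stanza when the service name is zygote.
        /^service[ \t]+/ { skip = ($2 == "zygote") }
        # Any other non-indented line (on, import, comment) ends the stanza.
        /^[^ \t]/ && !/^service[ \t]+/ { skip = 0 }
        # Other services may ask init to restart zygote; drop those lines
        # so nothing refers to a service that no longer exists.
        /^[ \t]+onrestart[ \t]+restart[ \t]+zygote[ \t]*$/ { next }
        !skip { print }
    '
}

# Constructed sample input, modelled on the layout of an ICS-era init.rc.
sample_init_rc() {
    cat <<'EOF'
on boot
    class_start core
    class_start main

service servicemanager /system/bin/servicemanager
    class core
    critical
    onrestart restart zygote
    onrestart restart media

service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
    class main
    socket zygote stream 666
    onrestart restart media

service media /system/bin/mediaserver
    class main
    user media
EOF
}
```

Because / is rebuilt from the boot image on every boot, the edited file only persists once it is packed back into the ramdisk of a reflashed boot image, as the slide notes.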
11 The old window manager
12 The new phone-friendly window manager
13 The drop-down menu
14 It has a browser too
15 Phone-specific stuff
- devphone talks to the radio
- Presents a file system interface
  - To make a phone call: echo dial > /phone/phone
  - To receive incoming calls, read from /phone/phone
  - Read will block until a call is incoming
  - Similar interface for SMS
- Nobody wants to make phone calls like that
  - So we wrote a dialer app and an SMS app
- Also made early drafts at WiFi and audio drivers (both semi-functional)
16 Dialing application
17 SMS application
18 Neat things to try
- sandboxing - one instance of OS per app
- Security hacks
  - If accelerometer reads > 10G, wipe the SD card
- Fun with 9P
  - Easy to access your files at home
  - Easy to share files with nearby phones
  - Use 9P to export your phone's devices and control them from your PC
- Anti-theft programs are now easy
  - Just import your phone's GPS device and camera
  - (Thief is probably pretty perplexed anyway)

19 Conclusion
- It's not that hard to strip down Android for your own purposes
- With a bit more work, could be a viable smartphone OS
  - It's fast
  - It's light
  - It's easy to work on
  - It already comes with a bunch of software and infrastructure, you're not going from scratch
- No app store, but if you didn't write it yourself, you can't trust it anyway, right?
20 Get in! Code at
21 References
- Alasdair Allan. Got an iPhone or 3G iPad? Apple is recording your moves. April
- Dan Goodin. Hijacking iPhones and other smart devices using SMS. July
- Dan Goodin. BUSTED! Secret app on millions of phones logs key taps. November
- Dan Goodin. Malicious apps infiltrate Google's Market. December
- Kathleen Hall. BlackBerry to co-operate with police after youths used BBM to organize riots. Blackberry-to-co-operate-with-police-after-youths-used-BBM-to-organise-riots.
- Josh Halliday. BlackBerry wins the battle but not the war in India. September
- Tom Warren. Windows Phone SMS attack discovered, reboots device and disables messaging hub. windows-phone-sms-attack-discovered-reboots-device-and-disables-messaging-hub/, December 2011.