Se è vero che la prudenza non è mai troppa, l’accordo siglato da Panasonic con la software house Red Bend dovrebbe essere da tutti ben accetto, in particolare dai futuri clienti dell’azienda, che potranno vantare un sistema di sicurezza di alto livello per i dati personali contenuti nel proprio smartphone.
Vedendo nella natura open-source di Android una debolezza in termini di sicurezza, Panasonic e Red Bend hanno creato uno spazio isolato dal resto del sistema a cui si accede solo tramite password o smart card, con i dati personali criptati nella ROM per prevenire eventuali tentativi di reverse-engineering: tale cartella è gestita da vLogix Mobile Linux, un OS virtualizzato che gira in maniera indipendente da Android (vedi schema in alto).
Ulteriori dettagli tecnici non sono al momento noti, né sappiamo se e quando sarà disponibile, ma per chi è preoccupato in materia di sicurezza si tratta senz’altro di una partnership da tenere d’occhio. Di seguito il comunicato stampa in inglese.
Panasonic Develops New Solution to Protect Personal Data on AndroidTM Smartphones Collaborating with Red Bend Software
Osaka, Japan – Panasonic today announced the development of a new solution to protect personal data such as photos, videos, documents and e-mails stored on Android smartphones. Developed in collaboration with Massachusetts-based Red Bend Software*, this solution enables to prevent leakage of personal data from lost smartphones or unintended behavior of downloaded applications. Panasonic plans to incorporate this solution into its future smartphone models.
As smartphones are increasingly used to perform many tasks, including photo and video shooting and e-mailing, a lot of personal data have come to be stored in smartphones today. Therefore, the loss of a smartphone can lead to the risk of leaking personal information. In addition, a variety of networkable-applications are now available, and smartphone users can download them to access cloud-based services. On the other hand, these applications can present security risks, such as an unintended transfer of information and data on the smartphone via the network.
In the case of traditional phones such as feature phones, terminal manufacturers have incorporated a protection mechanism called “secret mode” or “privacy mode” in their phones by developing dedicated application software and dedicated content file formats as a set. However, with the spread of smartphones, application software is now developed by third-parties in an open environment. This made it difficult to realize personal content protection with a set of dedicated application software and dedicated content file formats in an open environment like Android, since a variety of applications freely developed by third-parties started to be downloaded and executed.
In the new solution, a new mechanism was constructed to configure a folder to protect and store personal data. This protected area inside the smartphone is isolated from the Android platform, using a virtual machine. This enables to control access to the folder containing the personal contents via the menu on the smartphone and application software on Android. Therefore, the solution will enable to protect the personal contents by combining with personal authentication such as the use of passwords or an IC card.
This technology has the following features.
A folder with protection function, which is virtually isolated from Android platform and accessible from application software on Android platform, is configured under lock/unlock control. Because the Android platform itself has not been modified, standard Android application software can be used normally.
Since the folder to store data is locked and unlocked just like a safety box, many kinds of content file formats such as private photos, videos, memo pads, or other documents can be protected. Regarding e-mails, they can also be easily protected by assigning message folders to this folder with protection function.
It has been achieved using the following key technologies:
(1) Multiple OS implementation technology on a single CPU by means of virtualization software
By utilizing Red Bend’s mobile virtualization software, vLogix MobileTM, it is possible to enable the coexistence of multiple OSes running on a single CPU. In this cooperation, Panasonic and Red Bend have introduced an environment in which a Linux-based OS and the Android platform coexist. The collaboration has led to a rapid decrease in development costs.
(2) Implementation of a folder with protection function on Linux OS which can be accessed with authentication from application software on Android platform
Information which a user wants to protect is stored in a folder which is not on the Android platform but on the Linux OS, and the folder is disclosed to Android platform under a certified condition only. Previously, dedicated application software was required for each OS when multiple OSes are running on the virtualization software. However, by utilizing the new technology, Android applications can be used normally. Furthermore, this technology can even be applied to the various applications developed by third-parties.
(3) Protection technology for OS executable codes by encryption
Not only the important information but also the entire Linux environment including authentication services is encrypted in ROM (Read Only Memory). This increases the level of security by preventing reverse engineering of an authentication service process or preventing attacks that try to modify this code.