Android multiuser model architecture and related security threats

I have recently bumped into a very interesting research article called “A Systematic Security Evaluation of Android’s Multi-User Framework” and want to leave here a digest and some of my analysis in the aspect of Enterprise use. I recommend reading the paper for more details; it’s only 10 pages. The more I learn of Android, the more it reminds me of a cheese grater (other OSes are no better). This doesn’t include any of the Android L enhancements, as those are not officially released yet.



Does HTTPS really provide 100% privacy?

It all started with this blog mentioning HTTPS MITM possibilities. Quote:

Do you really believe you have end to end secure connection with your bank when you access your account from the office? Think again.

This got me into some research, especially after an announcement from CloudFlare came out a few days later. Here are the results: there are at least two scenarios for TMITM (Trusted Man In The Middle) HTTPS interception.


Wi-Fi Market Riddles: “Cheap” vendors are not that cheap

Ok, how many times have you seen small deployments based on T2/T3 vendors such as D-Link, Ubiquiti, Mikrotik or EnGenius? In most cases people choose them for simple installation/configuration (RF Design? What is RF design?) and attractive prices …until recently, that is. Here’s a couple of announcements from my RSS feed (from a site I highly recommend), that I did not have time to read …until recently that is.

W00t? Now, of course, these are 3×3:3 802.11ac APs, but I know some Cisco/Aruba/Motorola 802.11ac APs (2×2 though) that are around $400-$500 RRP. Of course, in the case of Cisco/Aruba, there’s also the hidden cost of a controller (Independent/Instant APs cost nearly 2x more). And Motorola’s are the ‘Express’ version (up to 25 APs can work together w/o a controller, but they are not available in some regions). But anyway, seeing such situations is very interesting.

Which one would you choose?

  • Will you go for a more expensive 3×3:3 AP from a Tier3 vendor instead of 2×2:2 AP from a Tier1 one?
  • Will you go for a similarly priced 3×3:3 AP from a Tier3 vendor instead of 2×2:2 AP from a Tier1 one?
  • What matters more: speeds, features, support, brand name?

My humble opinion is that the most important thing is the network designer/installer behind it all. What do you think?