Kicksecure - A Security Hardened Linux Distribution

From Kicksecure
(Redirected from Main Page)
Jump to navigation Jump to search

Kicksecure is a free and open-source Linux distribution that aims to provide a highly secure computing environment. It has been developed from the ground up according to a formidable -- and time proven -- defense in-depth security design. In the default configuration, Kicksecure provides superior layered defenses of protection from many types of Malware.

Kicksecure is a complete computer operating system. Numerous applications come pre-installed with safe defaults which can be used immediately upon installation with minimal user input.

Kicksecure promo image

Security Hardened

Kicksecure uses an extensively security reconfigured of the Debian base (Hardened) which is run inside multiple virtual machines (VMs) on top of the host OS. This architecture provides a substantial layer of protection from malware and IP leaks. Applications are pre-installed and configured with safe defaults to make them ready for use with minimal user input.

Torified apt promo image

Secure and Privacy-Protected Software Installation and Upgrades

The security and privacy of default software management (installing and upgrading software) are much better, making it harder for anyone to send you targeted, malicious software updates. This only applies to system updates over Tor, not all your internet traffic. Learn more

Selected software promo image

Curated Software Pre-Selection

In Kicksecure no unnecessary software is installed by default such as exim, samba, cups etc. At the same time security enhancing software like AppArmor, sdwdate and tirdad are preinstalled. Learn more.

Optimized defaults promo image

Optimized defaults

Kicksecure enhances all kinds of security settings, including: kernel hardening, Strong Linux User Account Isolation, disabling legacy login methods, higher quality randomness (entropy), network hardening, root access restrictions, application-specific hardening and much more. Learn more.

Hardening by Default[edit]

Kicksecure is a hardened operating system designed to be resistant to viruses and various attacks. It is based on Debian in accordance with an advanced multi-layer defense model, thereby providing in-depth security. Kicksecure provides protection from many types of malware in its default configuration with no customization required.

Table: Kicksecure Hardening Features

Feature Description
Default Package Selection No unnecessary software is installed by default such as exim, samba, cups that otherwise gets installed by some flavors of Debian. [1]

Secure and privacy-protected operating system (apt) upgrades

Tor logo
Malware updates promo

This helps protect against targeted, malicious software upgrades.

By default, when using APT (Advanced Package Tool) to upgrade the system or install new software, Kicksecure uses torified operating system upgrades. This means all default APT package manager source files are set to only update over the Tor anonymity network. This makes sure that update servers cannot know who the user is or their IP address. As a result, this mitigates targeted malicious software attacks. This protection is not only much stronger than what iPhones or Android devices offer, but it's also better than what most Linux distributions provide.

  • Worst: Most iPhone / Android devices [2] connect to official app stores, and these app stores know the user's identity and IP address, creating a large risk for targeted attacks. [3]
  • Better: Some Linux distributions like Debian do not link the user's identity to update servers, but they still update over the clearnet (regular internet) using the user's real IP address by default.
  • Best: Kicksecure ensures all system updates are done over the Tor network by default. This way, update servers cannot know the user's identity or IP address. [4]

This only applies to system updates. This does not mean that all of your internet traffic is automatically torified (protected by Tor). See also: Privacy Goals and Non-Goals of Kicksecure

Secure Package Sources Configuration HTTPS (TLS) is enabled by default in APT. [5]
TCP ISN CPU
Information Leak Protection
tirdad (TCP Initial Sequence Numbers Randomization)archive.org prevents TCP ISN-based CPU Information Leaks; see footnote. [6]
security-misc security-miscarchive.org enhances miscellaneous security settings related to:
  • kernel hardening settings as recommended by the Kernel Self Protection Project (KSPP)
  • protecting Linux user accounts against brute force attacks
  • enforcing Strong Linux User Account Isolation
  • disabling legacy login methods via Console Lockdown for improved security hardening
  • higher quality randomness (entropy) generation [7]
  • sysctl
  • boot parameters
  • various blacklisted kernel modules
  • network hardening
  • restrictive mount options
  • root access restrictions
  • access rights restrictions
  • application-specific hardening
Secure network time synchronization using sdwdate Secure Distributed Web Date (sdwdate) mitigates threats from time based attacks by not relying upon unauthenticated NTP.
Default security software
installations
Software like AppArmor
Open Link Confirmationarchive.org This is enabled by default and prevents links from being unintentionally opened in supported browsers.
No open ports by default. Kicksecure provides a much lower attack surface since there are no open server ports by default unlike other Linux distributions (such as Debian). All unsolicited incoming connections are rejected.

Kicksecure is an Implementation of the Securing Debian Manual. This chapter has been inspired by: Securing Debian Manualarchive.org, chapter Run the minimum number of services requiredarchive.org

Development Vision[edit]

Introduction[edit]

While many valuable security guides exist, better security and privacy for the masses necessitates software that applies a majority of hardening instructions by default.

This is the reason the Free and Open Source Kicksecure project exist; to offer a system that provides a reasonable security-hardened baseline, with the in-built flexibility to apply additional hardening dependent upon the user's threat model, hardware capabilities, motivation and knowledge. [8] The table below provides a further rationale for this position.

Table: Security Guide Limitations

Factor Description
Initial vulnerability When a base system is first installed, various security customizations are not yet applied. All users are vulnerable during this period.
Recipient insecurity Security principles do not exist in a vacuum:
  • Even after applying various security hardening steps, correspondence/network partners might have serious, unaddressed vulnerabilities.
  • Some security problems cannot be solved by individuals and may rely on factors in the broader ecosystem. For example:
    • Advanced adversaries perform continual surveillance of all Internet traffic and attempt to attribute collected meta-data to individuals.
    • Following a guide to enhance entropy is insufficient if Tor relays being used are insecure.
    • Often personal security can only be improved if the security of others is also improved.
Reliance on human memory Adequate hardening often depends on discovering and remembering to apply all necessary steps from favorite security guides.
Error risks Manually applying security guide steps can lead to mistakes that render the whole procedure ineffective.
Time requirements Security guide steps are often lengthy and cover many different facets of computing.
Secure guide discovery There are countless security/hardening guides available on the Internet. It is impossible to follow them all and serious research is required to find valuable new resources.
Incompleteness Logically there is not one definitive, all-encompassing security guide. This means some users harden the kernel and install CPU microcode updates, while others rely on sandboxing and implement better random number generators, and so on. Most users miss critical elements because they are simply not aware they exist.
Currency Even the best security guides often contain outdated material. This is especially true for technically detailed or lengthy guides that canvass many topics.
Publication form The form of security guides can effect their utility. For example, those published in blogs and which do not allow comments have grave disadvantages compared to systems relying on collaborative version control software (like git) or collaborative websites (such as a wiki). The reason is contributors can easily fix issues or update contents.
Popularity Security guides which have low popularity cannot effect change and improve security practices if most people are unaware they exist.

For these reasons Kicksecure will remain focused on enabling the majority of (reasonable) hardening settings by default, and allowing additional settings to be easily enforced via installable packages. For further information on this topic, see: The Problem with Security Guides and How We Can Fix Itarchive.org.

Implementation of the Securing Debian Manual[edit]

The Kicksecure project has been studying the Securing Debian Manual, is applying operating system hardening by default as much as reasonably possible, and documents its knowledge with updated contents. Unfortunately, the Securing Debian Manual has not been updated in a while [9] and is already somewhat dated.

For attribution, the wiki Template:Sdebian is added to all wiki pages where the Securing Debian Manual has been considered. A list of these pages can be found on Special:WhatLinksHere/Template:Sdebian.

Kicksecure is an Implementation of the Securing Debian Manual. This chapter has been inspired by: Securing Debian Manualarchive.org, chapter Table of Contentsarchive.org

Planned Features[edit]

The Kicksecure development roadmap includes various security improvements:

  • Many features are already available for testing, see Test wiki page.
  • Encrypted and/or authenticated system-wide DNS (domain name resolution) [10] to mitigate against threats from DNS cache poisoning aka DNS spoofingarchive.org. [11] See also DNS Security.
  • Validating DNS.
  • apparmor.d

Kicksecure Development Goals[edit]

Kicksecure is a security-hardened Linux Distribution. (Mobile version not planned yet.)

This section details potential future security enhancements for Kicksecure.

(The wiki source for the following text can be found in Template:Kicksecure_Android.)

Most iPhone / Android devices [2] "Libre Android" [12] Linux Desktop Distributions Kicksecure Development Goals
Upgrades do not require vendor No Yes Yes Yes
User freedom to replace operating system No Yes Yes Yes
Administrator capabilities (root) not refused No Yes Yes Yes
Custom operating system (bootloader unlock) not refused No Yes Yes Yes
No trouble or void device warranty from software changes (rooting or bootloader unlock) No [13] No [14] Yes Yes
No user freedom restrictions No [15] Yes Yes Yes
No backdoors included No [16] Yes Yes Yes
No spyware included in operating system No [17] Yes Yes Yes
No culture of freemium applications that spy on users in appstores No [18] Yes Yes Yes
Culture of Freedom Software in appstores No Yes Yes Yes
Freedom Software No [19] Yes Yes Yes
Compromised application cannot access data of other applications Yes [20] Yes [20] No Yes
Malware on a compromised system cannot easily gain root Yes [21] Yes [21] No [22] Yes
Reasonable resistance against system wide rootkit Yes [23] Yes [23] No Yes
Verified Boot Yes Yes No Yes
Hardened Kernelarchive.org Yes Yes some Yes
Full System MAC Policyarchive.org Yes Yes No Yes
Internal storage can reasonably easily be removed and mounted elsewhere for the purpose of data recovery or hunting malware / rootkits. No [24] No [14] Yes [25] Yes [26]
Internal storage can reasonably easily be decrypted once transferred to a different device if password is known. No [27] No [28] Yes Yes [29]
Can reasonably easily boot from external hard drive, ignoring internal harddrive for purpose of data recovery or hunting malware / rootkits. No No [14] Yes Yes [26]
Can reasonably easily create full data backup. No [30] Yes Yes Yes [26]
Can reasonably easily create full data backup of any app when device is rooted with Titanium Backup or similar No [31] Yes Yes Yes [26]
Applications cannot refuse data backup (for purpose of malware, spyware analysis or backup and restore). No [32] Yes Yes [33] Yes [26]
No culture of users can ask device (code) for permission and device (code) will decide to grant or refuse the request. No Yes Yes [33] Yes [26]
No culture of applications refusing to run if device is rooted. No [34] Yes Yes Yes [26]
No culture of applications refusing to run if using a custom operating system (custom ROM). No [35] Yes Yes Yes [26]
User (privacy) settings are respected. No [36] Yes Yes Yes [26]
WiFi off indicator means that WiFi is really off. No [37] Yes Yes Yes [26]
Bluetooth off indicator means that Bluetooth is really off. No [38] Yes Yes Yes [26]
Prevention of targeted malicious upgrades. [39] No [3] ? [40] ? [41] Yes [42]
Vendors do not sometimes introduce mitigations that introduce attack surface. No [43] Yes Yes Yes [26]
The GNU Project does not state: "Apple's Operating Systems Are Malwarearchive.org" and "Google's Software is Malwarearchive.org". No Yes Yes Yes [26]

Quote More than a billion hopelessly vulnerable Android gizmos in the wild that no longer receive security updates – researcharchive.org. The operating system of these devices:

  • Do not receive security upgrades from the vendor.
  • Third parties (such as users or the modding community) cannot provide (security) upgrades either due to locked bootloaders, which cannot be unlocked due to vendor decision and due to unavailability of a security bug which could unlock the bootloader.
  • Even if bootloaders can be unlocked there might not be an adequate operating system upgrades available from third parties, such as the modding community. Either due to unpopularity of the devices among modding developers and/or due to technical challenges.

Ability to upgrade (security fixes) devices; replace operating system; bootloader freedom vs bootloader non-freedom:

  • iPhones and some Android devices have locked boot loaders that cannot be unlocked. This restricts user freedom and makes replacing the operating system impossible without a verified boot bypass exploit. In case the vendor deprecated security support for the device, the only choices users realistically have is to keep using an insecure device, or to buy a device which still has security support. Similarly, locked bootloaders also prevent gaining administrator (root) access.
  • Some Android devices do allow unlocking the bootloader but not with custom verified boot keys, causing a decrease in security.
  • Some Android devices (such as the Nexus or Pixel devices) support full verified boot with custom keys that can be used with alternative operating systems.

In conclusion, when using iPhone/Android devices that still receive security updates, the iPhone/Android approach provides strong protection against malware, meaning those platforms are impacted much less than Windows or Linux desktops. [20] Despite the many downsides (Mobile Devices Backdoors in Most Phones Tablets Etc, Data Harvesting by Most Phones, ...), the security model of popular mobile operating systems often affords better protection when attempting to prevent any malicious and unapproved party from establishing a foothold in their ecosystem. In the process, the user's and the security community's ability to audit and control what their devices are actually doing is severely diminished. Due to a Conflict of Interest this comes at the expense of transferring power from the user to the developers, user freedom restrictions, Tyrant Security, War on General Purpose Computing.

Kicksecure will not implement these kinds of user freedom restrictions since it is not required nor desirable. The capability to replace the operating system or gain administrator access will remain fully supported. Many popular device operating systems utilize security technologies which restrict user freedoms. In contrast, Kicksecure aims to utilize the same security concepts for the goal of empowering the user and increasing protection from malware.

It is theoretically possible to provide some of the same iPhone / Android security concepts on a Linux computer too. Steps have already been made to apply mobile device security concepts to Linux distributions such as security-miscarchive.org and apparmor.darchive.org. Security technologies like hardened kernels or verified boot used by popular mobile operating systems could also be ported to Linux distributions. Community contributions are gladly welcomed! Here is a list of potential security enhancements for Kicksecure:

Design[edit]

Usability by Default[edit]

While developed with security-focused design goals, Kicksecure remains highly flexible. The layered approach to security allows applications to retain usability. Kicksecure can be used for everyday "general-purpose computing" or for more risky activities that require a highly advanced security-centric platform. Since Kicksecure is Freedom Software users may install any application of their choosing -- no restrictions are placed on how Kicksecure can be used, customized or modified.

Kicksecure aims to maximize usability by default so it can be utilized as an everyday, multipurpose operating system by users of all skill levels.

Table: Kicksecure Usability Features

Feature Description
Debian Usability Fixes
  • Functional default APT sources configuration. [44]
  • sudo pre-configured by default. [45]
  • bash-completion installed by default so for example by typing sudo apt install libreo followed by the TAB key a word completion to libreoffice will be suggested.
  • zsh installed as default shell that supports TAB word completion, colorful output, etc.
Simplicity and flexibility
  • Package shared folder helparchive.org simplifies shared folder set up for virtual machines. [46]
  • Package usabilty-miscarchive.org is installed by default, increasing flexibility and providing numerous, miscellaneous usability features. [47]
Popular applications Popular applications come pre-installed and configured with safe defaults to make them ready for use right out of the box.
Data protection Sensitive user data is protected by state-of-the-art cryptographic tools:

Based on Debian[edit]

Info Tip: Since Ubuntu is a Debian derivative, online help for Ubuntu most often works for Kicksecure.

In oversimplified terms, Kicksecure is just a collection of configuration files and scripts. Kicksecure is not a stripped down version of Debian; anything possible in "vanilla" Debian GNU/Linux can be replicated in Kicksecure.

Likewise, most problems and questions can be solved in the same way. For example: "How do I install VLC Media Player on Kicksecure?" -- "The same way as in Debian apt install vlc."

Kicksecure does not break anything, limit functionality, or prevent installation of compatible software.

Based on Freedom Software[edit]

Many people wonder why developers would spend countless hours of their own time to build an operating system and then give it away. Kicksecure developers believe it is immoral to benefit from those Freearchive.org / Freedom Software components and give back nothing to the community. We stand on the shoulders of giants. Kicksecure and many other Libre software projects are only made possible because people invested time in writing code and kept it accessible for the public's benefit. Of course, a lot of us just find it great fun.

User Population / Promotion[edit]

  • Apply as many security settings by default without breaking usability too much.
  • Kicksecure is already the base for Whonix - Anonymous Operating System.

https://www.wilderssecurity.com/threads/hardened-debian-in-development-feedback-wanted.408245/archive.org

Releases[edit]

Kicksecure Version[edit]

Each Kicksecure release is based on a particular version of Debian:

Kicksecure version Debian Version Debian Codename
Kicksecure 17.2.8.5 12 bookwormarchive.org

Users can manually check the Kicksecure version at any time by following this step.

Release Schedule[edit]

Kicksecure does not have a fixed release schedule. A new stable release only becomes available when it is deemed ready.

Support Schedule[edit]

Table: Kicksecure Support Schedule

Release Description
New Debian Release One month after a new stable version of Debian is released, Kicksecure VMs may no longer be supported on any older version of Debian. All users must upgrade the Debian platform promptly after the deprecation notice in order to use Kicksecure safely.
New Kicksecure Release One month after a new stable version of Kicksecure is released, older versions will no longer be supported. All users must upgrade the Kicksecure platform promptly in order to remain safe.
Deprecation Notices The deprecation notice is provided at least one month in advance and posted in the kicksecure.com news forumarchive.org. Stay Tuned! All users must upgrade the respective platform promptly in order to remain safe.

Next Steps[edit]

Learning more about Kicksecure is the best way to determine whether it is a suitable solution in your personal circumstances. The following chapters are recommended:

  • The Warning page to understand the security limitations of Kicksecure.
  • Further information about Kicksecure Features.
  • The implied Trust placed in Kicksecure when it is used.
  • The Security Guide, Advanced Security Guide and Design chapters detailing the Kicksecure specifications, threat model and implementation.
  • Other relevant Documentation explaining how to use Kicksecure safely.

Help Wanted[edit]

  • Kicksecure will hopefully soon become available as a Template for Qubes OSarchive.org.

Footnotes[edit]

  1. Debian bookworm Xfce live ISO installed exim, samba, cups by default.
  2. 2.0 2.1 Most iPhone / Android phones that are sold by mobile carriers or manufacturers have locked bootloaders. These phones are often packaged with spyware installed by default, which cannot be removed. There may be rare exceptions to this rule, hence "most" and not "all". These exceptions are not the point which shall be made in this comparison. See the "Libre Android" column for what is theoretically possible.
  3. 3.0 3.1 Most android phones have a feature which allows to login on google play web/desktop version using the same e-mail address which is used on the phone. Usually the same gmail address. When clicking install for an app using the google play web/desktop version, the user will be prompter (in case of having registred multiple devices) on which device the app should be installed. After pressing install, the app will be installed on the phone. This videoarchive.org demonstrates this. It is therefore established that the google website can result in remote app installation on the phone. It follows that a coerced or compromised google play website could do the same. Since the gmail based web login can be linked to the same gmail address on the phone, pushing targeted malicious upgrades is esspecially easy. Even if a phone was always fully torified (all traffic routed over Tor) the gmail identifier could still be used. While Tor can anonymize the connection, it does not (and should not) attempt to modify anything inside the traffic (the gmail identifier).
  4. Debian installed using a Debian bookworm Xfce live ISO calamares came with an /etc/apt/sources.list file using http:// (unencrypted) instead of the more secure https:// (TLS) by default.
  5. The Linux kernel has a side-channel information leak bug. It is leaked in any outgoing traffic. This can allow side-channel attacks because sensitive information about a system's CPU activity is leaked. It may prove very dangerous for long-running cryptographic operations. Research has demonstrated that it can be used for de-anonymization of location-hidden services.

  6. Better encryption is achieved via preinstalled random number generators, specifically:
    • Loading of the jitterentropy-rng kernel module by default.
    • Installation of the user space entropy gathering daemons haveged and jitterentropy-rng by default.
    • See also: Dev/Entropy.
  7. It is also accepted that no "perfect configuration" exists that can make a system invulnerable against advanced adversaries. Further, systems that are excessively hardened can become almost unusable except for the most advanced individuals.
  8. Securing Debian Manual: still referring to:
    • sysvinit and not mentioning systemd
    • initrd and not mentioning dracut
  9. use DNSCrypt by defaultarchive.org
  10. DNS spoofing results in traffic being diverted to the attacker's computer (or any other computer).
  11. There is no "Libre Android" at time of writing. It's only a concept to illustrate a point. There is no "perfect" Android distribution. GrapheneOS has verified boot but root access is refused in default buildsarchive.org. Replicant allows root access, but no references were found that Replicant makes use of verified boot yet. It's not relevant to pick any specific Android distribution for the sake of making the point "iPhone and Android Level Security for Linux Desktop Distributions" no specific Android distribution was chosen for this compassion. A "perfect" Android distribution checking all "green yes" is possible in theory. It doesn't exist due to policy decisions. (GrapheneOS vs root in default builds vs device selection / features.) There are no technical reasons for non-existence. See also this Overview of Mobile Projects, that focus on either/and/or security, privacy, anonymity, source-available, Freedom Software..
  12. https://www.howtogeek.com/240417/does-rooting-or-unlocking-void-your-android-phones-warranty/archive.org
  13. 14.0 14.1 14.2 Same issue as Most iPhone / Android devices since inheriting the same hardware limitations.
  14. Mobile Devices Restrictions
  15. Mobile Devices Backdoors in Most Phones Tablets Etc
  16. Data Harvesting by Most Phones
  17. Data Harvesting by Most Apps
  18. Comes with a lot proprietary software installed by default.
  19. 20.0 20.1 20.2 That would require an exploit. In comparison, a compromised application on the Linux desktop running under user has full access to all information which that user has access to, including all files, keystrokes and so on. The exception is when mandatory access control (MAC)archive.org is in use and successfully confines that application.
  20. 21.0 21.1 Occasionally there are exploits that allow applications to gain root, but as time passes more of these vulnerabilities are being fixed.
  21. On the Linux desktop the process of Preventing malware from Sniffing the Root Password is cumbersome and unpopular. Therefore any compromised application on the Linux desktop could lead to root compromise. This in turn might compromise the bootloader, kernel, or even hardware. It is difficult to detect malware, remove a rootkitarchive.org and indicators of compromise are rare.
  22. 23.0 23.1 Through verified boot.
  23. This is a hardware limitation. Internal storage is a chip and soldered. Removal is an operation which most repair shops are incapable of performing. Even if removed, it's not easy to find a device which can read the device without booting from it. Perhaps it could be booted from in another device, but that would be beside the point. If the operating system is unbootable due to software issues, it will also be unbootable elsewhere. If malware analysis is the goal, then no code from the suspected infected storage device should ever be executed.
    Even worse if full disk encryption was used as per next table entry.
    Hence, not "reasonably easily" possible.

    Quote How to fully backup non-rooted devices?archive.org:

    For 4.0+ devices there is a solution called "adb backup".

    Note: This only works for apps that do not disallow backup! Apps that disallow backup are simply ignored when creating a backup using this way.

    Information from Copy full disk image from Android to computerarchive.org does not work for non-rooted / non-rootable devices.

    Taking a non-rooted Android device with GrapheneOS, contributed by a user.

    $ adb devices
    List of devices attached
    xxxxxxxxxxx    device
    
    $ adb root
    adbd cannot run as root in production builds
    
    $ adb shell
    walleye:/ $ ls
    ls: ./init.zygote64_32.rc: Permission denied
    ls: ./init.rc: Permission denied
    ls: ./init.usb.rc: Permission denied
    ls: ./ueventd.rc: Permission denied
    ls: ./init.zygote32.rc: Permission denied
    ls: ./init: Permission denied
    ls: ./cache: Permission denied
    ls: ./init.environ.rc: Permission denied
    ls: ./persist: Permission denied
    ls: ./postinstall: Permission denied
    ls: ./init.usb.configfs.rc: Permission denied
    ls: ./metadata: Permission denied
    acct apex bin bugreports charger config d data debug_ramdisk default.prop dev dsp etc firmware lost+found mnt odm oem proc product product_services res sbin sdcard storage sys system vendor
    1|walleye:/ $ sudo ls
    /system/bin/sh: sudo: inaccessible or not found
    127|walleye:/ $ su
    /system/bin/sh: su: inaccessible or not found
    127|walleye:/ $
    
    walleye:/dev/block $ ls -lah
    total 0
    drwxr-xr-x  6 root   root       2.4K 1970-07-03 11:40 .
    drwxr-xr-x 18 root   root       3.9K 2020-05-26 15:41 ..
    lrwxrwxrwx  1 root   root         37 1970-07-03 11:40 bootdevice -> /dev/block/platform/soc/1da4000.ufshc
    drwxr-xr-x  2 root   root       1.6K 1970-07-03 11:40 by-name
    brw-------  1 root   root   252,   0 1970-07-03 11:40 dm-0
    brw-------  1 root   root   252,   1 1970-07-03 11:40 dm-1
    brw-------  1 root   root     7,   0 1970-07-03 11:40 loop0
    brw-------  1 root   root     7,   8 1970-07-03 11:40 loop1
    brw-------  1 root   root     7,  80 1970-07-03 11:40 loop10
    brw-------  1 root   root     7,  88 1970-07-03 11:40 loop11
    brw-------  1 root   root     7,  96 1970-07-03 11:40 loop12
    brw-------  1 root   root     7, 104 1970-07-03 11:40 loop13
    brw-------  1 root   root     7, 112 1970-07-03 11:40 loop14
    brw-------  1 root   root     7, 120 1970-07-03 11:40 loop15
    brw-------  1 root   root     7,  16 1970-07-03 11:40 loop2
    brw-------  1 root   root     7,  24 1970-07-03 11:40 loop3
    brw-------  1 root   root     7,  32 1970-07-03 11:40 loop4
    brw-------  1 root   root     7,  40 1970-07-03 11:40 loop5
    brw-------  1 root   root     7,  48 1970-07-03 11:40 loop6
    brw-------  1 root   root     7,  56 1970-07-03 11:40 loop7
    brw-------  1 root   root     7,  64 1970-07-03 11:40 loop8
    brw-------  1 root   root     7,  72 1970-07-03 11:40 loop9
    drwxr-xr-x  2 root   root         80 1970-07-03 11:40 mapper
    drwxr-xr-x  3 root   root         60 1970-07-03 11:40 platform
    brw-------  1 root   root     1,   0 1970-07-03 11:40 ram0
    brw-------  1 root   root     1,   1 1970-07-03 11:40 ram1
    brw-------  1 root   root     1,  10 1970-07-03 11:40 ram10
    brw-------  1 root   root     1,  11 1970-07-03 11:40 ram11
    brw-------  1 root   root     1,  12 1970-07-03 11:40 ram12
    brw-------  1 root   root     1,  13 1970-07-03 11:40 ram13
    brw-------  1 root   root     1,  14 1970-07-03 11:40 ram14
    brw-------  1 root   root     1,  15 1970-07-03 11:40 ram15
    brw-------  1 root   root     1,   2 1970-07-03 11:40 ram2
    brw-------  1 root   root     1,   3 1970-07-03 11:40 ram3
    brw-------  1 root   root     1,   4 1970-07-03 11:40 ram4
    brw-------  1 root   root     1,   5 1970-07-03 11:40 ram5
    brw-------  1 root   root     1,   6 1970-07-03 11:40 ram6
    brw-------  1 root   root     1,   7 1970-07-03 11:40 ram7
    brw-------  1 root   root     1,   8 1970-07-03 11:40 ram8
    brw-------  1 root   root     1,   9 1970-07-03 11:40 ram9
    brw-------  1 root   root     8,   0 1970-07-03 11:40 sda
    brw-------  1 root   root     8,   1 1970-07-03 11:40 sda1
    brw-------  1 root   root     8,  10 1970-07-03 11:40 sda10
    brw-------  1 root   root     8,  11 1970-07-03 11:40 sda11
    brw-------  1 root   root     8,  12 1970-07-03 11:40 sda12
    brw-------  1 root   root     8,  13 1970-07-03 11:40 sda13
    brw-------  1 root   root     8,  14 1970-07-03 11:40 sda14
    brw-------  1 root   root     8,  15 1970-07-03 11:40 sda15
    brw-------  1 root   root   259,   0 1970-07-03 11:40 sda16
    brw-------  1 root   root   259,   1 1970-07-03 11:40 sda17
    brw-------  1 root   root   259,   2 1970-07-03 11:40 sda18
    brw-------  1 root   root   259,   3 1970-07-03 11:40 sda19
    brw-------  1 root   root     8,   2 1970-07-03 11:40 sda2
    brw-------  1 root   root   259,   4 1970-07-03 11:40 sda20
    brw-------  1 root   root   259,   5 1970-07-03 11:40 sda21
    brw-------  1 root   root   259,   6 1970-07-03 11:40 sda22
    brw-------  1 root   root   259,   7 1970-07-03 11:40 sda23
    brw-------  1 root   root   259,   8 1970-07-03 11:40 sda24
    brw-------  1 root   root   259,   9 1970-07-03 11:40 sda25
    brw-------  1 root   root   259,  10 1970-07-03 11:40 sda26
    brw-------  1 root   root   259,  11 1970-07-03 11:40 sda27
    brw-------  1 root   root   259,  12 1970-07-03 11:40 sda28
    brw-------  1 root   root   259,  13 1970-07-03 11:40 sda29
    brw-------  1 root   root     8,   3 1970-07-03 11:40 sda3
    brw-------  1 root   root   259,  14 1970-07-03 11:40 sda30
    brw-------  1 root   root   259,  15 1970-07-03 11:40 sda31
    brw-------  1 root   root   259,  16 1970-07-03 11:40 sda32
    brw-------  1 root   root   259,  17 1970-07-03 11:40 sda33
    brw-------  1 root   root   259,  18 1970-07-03 11:40 sda34
    brw-------  1 root   root   259,  19 1970-07-03 11:40 sda35
    brw-------  1 root   root   259,  20 1970-07-03 11:40 sda36
    brw-------  1 root   root   259,  21 1970-07-03 11:40 sda37
    brw-------  1 root   root   259,  22 1970-07-03 11:40 sda38
    brw-------  1 root   root   259,  23 1970-07-03 11:40 sda39
    brw-------  1 root   root     8,   4 1970-07-03 11:40 sda4
    brw-------  1 root   root   259,  24 1970-07-03 11:40 sda40
    brw-------  1 root   root   259,  25 1970-07-03 11:40 sda41
    brw-------  1 root   root   259,  26 1970-07-03 11:40 sda42
    brw-------  1 root   root   259,  27 1970-07-03 11:40 sda43
    brw-------  1 root   root   259,  28 1970-07-03 11:40 sda44
    brw-------  1 root   root   259,  29 1970-07-03 11:40 sda45
    brw-------  1 root   root     8,   5 1970-07-03 11:40 sda5
    brw-------  1 root   root     8,   6 1970-07-03 11:40 sda6
    brw-------  1 root   root     8,   7 1970-07-03 11:40 sda7
    brw-------  1 root   root     8,   8 1970-07-03 11:40 sda8
    brw-------  1 root   root     8,   9 1970-07-03 11:40 sda9
    brw-------  1 root   root     8,  16 1970-07-03 11:40 sdb
    brw-------  1 root   root     8,  17 1970-07-03 11:40 sdb1
    brw-------  1 root   root     8,  32 1970-07-03 11:40 sdc
    brw-------  1 root   root     8,  33 1970-07-03 11:40 sdc1
    brw-------  1 root   root     8,  48 1970-07-03 11:40 sdd
    brw-------  1 root   root     8,  49 2020-05-26 15:41 sdd1
    brw-------  1 root   root     8,  58 1970-07-03 11:40 sdd10
    brw-------  1 root   root     8,  59 1970-07-03 11:40 sdd11
    brw-------  1 root   root     8,  60 1970-07-03 11:40 sdd12
    brw-------  1 root   root     8,  61 1970-07-03 11:40 sdd13
    brw-------  1 root   root     8,  62 1970-07-03 11:40 sdd14
    brw-------  1 root   root     8,  63 2020-05-26 15:42 sdd15
    brw-------  1 root   root   259,  30 2020-05-26 15:41 sdd16
    brw-------  1 root   root   259,  31 2020-05-26 15:41 sdd17
    brw-------  1 root   root   259,  32 1970-07-03 11:40 sdd18
    brw-------  1 root   root     8,  50 1970-07-03 11:40 sdd2
    brw-------  1 root   root     8,  51 1970-07-03 11:40 sdd3
    brw-rw----  1 system system   8,  52 2020-05-26 15:48 sdd4
    brw-------  1 root   root     8,  53 1970-07-03 11:40 sdd5
    brw-------  1 root   root     8,  54 1970-07-03 11:40 sdd6
    brw-------  1 root   root     8,  55 1970-07-03 11:40 sdd7
    brw-------  1 root   root     8,  56 1970-07-03 11:40 sdd8
    brw-------  1 root   root     8,  57 1970-07-03 11:40 sdd9
    brw-------  1 root   root     8,  64 1970-07-03 11:40 sde
    brw-------  1 root   root     8,  65 1970-07-03 11:40 sde1
    brw-------  1 root   root     8,  66 1970-07-03 11:40 sde2
    brw-------  1 root   root     8,  67 1970-07-03 11:40 sde3
    brw-------  1 root   root     8,  68 1970-07-03 11:40 sde4
    brw-------  1 root   root     8,  69 1970-07-03 11:40 sde5
    brw-------  1 root   root     8,  80 1970-07-03 11:40 sdf
    brw-------  1 root   root     8,  81 1970-07-03 11:40 sdf1
    brw-------  1 root   root     8,  82 1970-07-03 11:40 sdf2
    brw-------  1 root   root     8,  83 1970-07-03 11:40 sdf3
    brw-------  1 root   root     8,  84 1970-07-03 11:40 sdf4
    brw-------  1 root   root     8,  85 1970-07-03 11:40 sdf5
    drwx------  2 root   root         40 1970-07-03 11:40 vold
    brw-------  1 root   root   253,   0 2020-05-26 15:41 zram0
    
    $ adb shell
    walleye:/ $ mount
    /dev/root on / type ext4 (ro,seclabel,nodev,relatime)
    tmpfs on /dev type tmpfs (rw,seclabel,nosuid,relatime,size=1851548k,nr_inodes=462887,mode=755)
    devpts on /dev/pts type devpts (rw,seclabel,nosuid,noexec,relatime,mode=600)
    proc on /proc type proc (rw,nosuid,nodev,noexec,relatime,gid=3009,hidepid=2)
    sysfs on /sys type sysfs (rw,seclabel,nosuid,nodev,noexec,relatime)
    selinuxfs on /sys/fs/selinux type selinuxfs (rw,relatime)
    tmpfs on /mnt type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=1851548k,nr_inodes=462887,mode=755,gid=1000)
    tmpfs on /apex type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=1851548k,nr_inodes=462887,mode=755)
    /dev/block/sdd3 on /persist type ext4 (rw,seclabel,nosuid,nodev,noatime,data=ordered)
    /dev/block/dm-1 on /vendor type ext4 (ro,seclabel,relatime)
    none on /dev/cpuctl type cgroup (rw,nosuid,nodev,noexec,relatime,cpu)
    none on /acct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct)
    none on /dev/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset,noprefix,release_agent=/sbin/cpuset_release_agent)
    none on /dev/stune type cgroup (rw,nosuid,nodev,noexec,relatime,schedtune)
    /dev/root on /apex/com.android.tzdata@290000000 type ext4 (ro,seclabel,relatime)
    /dev/root on /apex/com.android.tzdata type ext4 (ro,seclabel,relatime)
    /dev/root on /apex/com.android.runtime@1 type ext4 (ro,seclabel,relatime)
    /dev/root on /apex/com.android.runtime type ext4 (ro,seclabel,relatime)
    debugfs on /sys/kernel/debug type debugfs (rw,seclabel,relatime)
    none on /config type configfs (rw,nosuid,nodev,noexec,relatime)
    tracefs on /sys/kernel/debug/tracing type tracefs (rw,seclabel,relatime)
    /dev/block/sde4 on /metadata type ext4 (rw,sync,seclabel,nosuid,nodev,noatime,discard,data=ordered)
    /dev/block/sda28 on /firmware type vfat (ro,context=u:object_r:firmware_file:s0,relatime,uid=1000,gid=1000,fmask=0337,dmask=0227,codepage=437,iocharset=iso8859-1,shortname=lower,errors=remount-ro)
    tmpfs on /storage type tmpfs (rw,seclabel,nosuid,nodev,noexec,relatime,size=1851548k,nr_inodes=462887,mode=755,gid=1000)
    /dev/block/sda45 on /data type ext4 (rw,seclabel,nosuid,nodev,noatime,noauto_da_alloc,resgid=1065,errors=panic,stripe=4096,data=ordered)
    /dev/root on /apex/com.android.conscrypt@290000000 type ext4 (ro,seclabel,nodev,relatime)
    /dev/root on /apex/com.android.conscrypt type ext4 (ro,seclabel,nodev,relatime)
    /dev/root on /apex/com.android.media@290000000 type ext4 (ro,seclabel,nodev,relatime)
    /dev/root on /apex/com.android.media type ext4 (ro,seclabel,nodev,relatime)
    /dev/root on /apex/com.android.media.swcodec@290000000 type ext4 (ro,seclabel,nodev,relatime)
    /dev/root on /apex/com.android.media.swcodec type ext4 (ro,seclabel,nodev,relatime)
    /dev/root on /apex/com.android.resolv@290000000 type ext4 (ro,seclabel,nodev,relatime)
    /dev/root on /apex/com.android.resolv type ext4 (ro,seclabel,nodev,relatime)
    adb on /dev/usb-ffs/adb type functionfs (rw,relatime)
    mtp on /dev/usb-ffs/mtp type functionfs (rw,relatime)
    ptp on /dev/usb-ffs/ptp type functionfs (rw,relatime)
    /data/media on /mnt/runtime/default/emulated type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=1015,multiuser,mask=6,derive_gid,default_normal)
    /data/media on /storage/emulated type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=1015,multiuser,mask=6,derive_gid,default_normal)
    /data/media on /mnt/runtime/read/emulated type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=9997,multiuser,mask=23,derive_gid,default_normal)
    /data/media on /mnt/runtime/write/emulated type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=9997,multiuser,mask=7,derive_gid,default_normal)
    /data/media on /mnt/runtime/full/emulated type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=9997,multiuser,mask=7,derive_gid,default_normal)
    pstore on /sys/fs/pstore type pstore (rw,seclabel,relatime)
    
  24. Computer (non-mobile) hardware is much more flexible. Storage devices can be removed from a computer, then added to another computer as a secondary disk. When booting from an installation assumed to be uncompromised (by [the same] malware), a search for malware can be performed on the other disk without executing any code, reducing risk of infection for the booted disk. This kind of procedure can be performed reasonably easily by most repair shops, and even non-technical people can do this without the need for soldering.
  25. 26.00 26.01 26.02 26.03 26.04 26.05 26.06 26.07 26.08 26.09 26.10 26.11 26.12 Same as Linux Desktop Distributions.
  26. The masterkey is not stored on the internal storage. It is stored in hardware.archive.org which is even harder to extract.

    Note: "masterkey" here does not mean "backdoor". This is normal for most Linux desktop distributions offering full disk encryption. The masterkey is stored somewhere. When entering the password at boot with Linux desktop full disk encryption enabled, what gets decrypted is not actually the disk but the masterkey. This is then used to decrypt the disk, which is also called luks header. The advantage of the masterkey is that changing the disk encryption password is possible without having to re-encrypt the whole disk. (cryptsetup-reencrypt).

    It is perhaps possible to dump the masterkey if the phone can still be started and can be rooted. There are no instructions how to do so. Hence, not "reasonably easily".
  27. Same issue as Most iPhone / Android devices. Limitation of hardware, not software.
  28. Same as Linux Desktop Distributions.
  29. See next point below.
  30. Signalarchive.org is such an example. People expected Titanium Backuparchive.org to be able to backup the Signal app data but lost dataarchive.org. Extra steps are required for a Signal backup.archive.org (Insturctions untested by author of this wiki page.)
  31. Quote https://developer.android.com/guide/topics/manifest/application-element#allowbackuparchive.org android:allowBackup

    Whether to allow the application to participate in the backup and restore infrastructure. If this attribute is set to false, no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb. The default value of this attribute is true.

  32. 33.0 33.1 If credentials can be provided (full disk encryption password if used), (super) root will have full access.
  33. How to prevent applications from discovering my phone as being Rootedarchive.org
  34. How-To Geek: SafetyNet Explained: Why Android Pay and Other Apps Don’t Work on Rooted Devicesarchive.org
  35. AP Exclusive: Google tracks your movements, like it or notarchive.org

    Google wants to know where you go so badly that it records your movements even when you explicitly tell it not to.

    An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you’ve used a privacy setting that says it will prevent Google from doing so.

    Computer-science researchers at Princeton confirmed these findings at the AP’s request.

  36. How it works, according to Google, is that the Android Location Services periodically checks on your location using GPS, Cell-ID, and Wi-Fi to locate your device. When it does this, your Android phone will send back publicly broadcast Wi-Fi access points' Service set identifier (SSID) and Media Access Control (MAC) data. Again, this isn't just how Google does it; it's how everyone does it. It's Industry practice for location database vendors.

  37. Google can still use Bluetooth to track your Android phone when Bluetooth is turned offarchive.org
  38. As in singling out specific users. Shipping malicious upgrades to select users only.
  39. Probably same as Linux Desktop Distributions.
  40. Linux distributions usually do not require an e-mail based login to receive upgrades. Users can still be singled out by IP addresses unless users opt-in for using something such as apt-transport-tor which is not the default.
  41. All upgrades are downloaded over Tor. There is no way for the server to ship legit upgrade packages to most users while singling out specific users for targeted attacks.
  42. Some Android vendors introduce mitigations that introduce attack surfacearchive.org.
  43. Debian comes with a broken /etc/apt/sources.list file by default.
    • Debian default /etc/apt/sources.list comes with a broken deb cd-rom: line.
    • Debian default /etc/apt/sources.list comes with http instead of https by default.
    • Debian default /etc/apt/sources.list has only the debian-security repository enabled by default but not the debian repository. As a result, no packages are installable until the user figures out how to add that line to APT sources.
    When using Debian Installer (not Calamares), installing while not using a network mirror, Debian default /etc/apt/sources.list comes empty except fora broken deb cd-rom: line.
  44. On Debian, the user must run after a new installation su followed by /usr/bin/adduser user sudo and reboot (or re-login) to be able to user sudo.
  45. It currently only assists with using shared folders in VirtualBox. Other virtualizers -- such as KVM shared folder setup -- might be possible in the future.
  46. Such as creating default folders, allowing commands to be run without a password, simplifying the running of OpenVPN as an unpriveleged user, and much more.

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!