Chrome OS leaks data to Google before switching on a VPN
I was basically searching for a report on Android Root Access Victims, but, ended up with another this one.The sexy-named Communications Electronics Security Group (CESG) – the bit of GCHQ that helps Brits protect stuff from foreign spies (never mind Blighty's) – has issued fresh advice for securing BlackBerry OS 10, Android and Chrome OS 32.
It also, handily, identifies "significant risks" in the operating systems.
The guidelines on safeguarding various operating systems from miscreants – as we have previously noted – run to the OFFICIAL level of security, not SECRET or above. OFFICIAL is on a par with most business and corporate security.
The refreshed advice for Android is to the move from Jellybean to KitKat (version 4.4); enable (NSA-originated) SELinux in enforcing mode to strengthen sandboxing; use certificate pinning to tackle interception and modification of SSL-encrypted traffic; and switch on verified boot.
... ... ...
... ... ...
The advice for Google's Chrome OS 32 notes that the browser-driven system relies on the advertising giant's online services for user management and authentication – and there is no ability to automatically lock a user account after a number of failed login attempts when the device has no internet connection.
CESG cautions that Chrome OS's data encryption has not been independently tested and nor has the VPN. There are no third-party VPN products for Chrome. Indeed, CESG warns:
The VPN has not been independently assured to Foundation Grade, and does not currently support some of the mandatory requirements expected from assured VPNs. The VPN can be disabled by the user and some Google traffic is sent prior to the VPN being established resulting in potential for data leakage onto untrusted networks. Without assurance in the VPN there is a risk that data transiting from the device could be compromised.
+ Reply to Thread
Results 1 to 2 of 2
Not 'Latest Video News: Moving to Computer Forum.