This weekend the only hot discussion topic except what awesome black Friday deals can people lay their hands on is the announcement concerning the fabled Google chrome OS. Early press articles have provided a good overview of what the Google OS might look like. The following articles are informative and entertaining.
One of the most important issues concerning this new shiny OS is security. Some pundits round the Internet seem to towing the line that this new thin client based OS is the panacea of most security issues plaguing us today. I only have one thing to say to them: wake up and smell the roses/coffee/eau-de-cologne…
Why do I say this: Google’s code is an “infant” compared to say the code branches for FreeBSD as an example. Google does have awesome engineers working on this project, they are very, very good. Moreover canonical the company which provides commercial support for Ubuntu, has done quite a bit of legwork behind the scenes. however, the point remains that the code used for this OS is very new, there will be issues with it. I can bet that zero-day attacks will evolve. The rationale is simple, writing an OS, even as simple as something like MINIX, which most universities introduce CS students to, is not easy to grasp. Think about the complexity associated with developing large numbers of clean software modules, linking them together and then performing white-box/black-box testing. This is hard enough for a non-Internet reliant application but for an OS which is heavily dependent on the net, the complexity is much much more. Heck, even the best web-applications have not figured out a bullet proof way to operate on the net. Furthermore, anyone who has written any kind of a web-app knows that users will always end up using the app in a way that has not been anticipated by the developers.
I must add though, the thought process behind the development of this architecture is impressive.
Consider the fact that even though the chrome OS is a thin client, it will still have to allow interfacing with external hardware such as your USB disk, which is another attack vector. It could be worth investigating if the OS could be “fooled” into opening up access to a virtual “non-existent” device which just pumps in code into the OS. Oh and yes, the chrome does have the ability to revert back to a “clean” version, but it becomes moot in the face of the biggest threat to the chrome OS: Social engineering.
The challenges of warding off an attack based on social engineering are no more a problem for chrome than any other OS/web-app/enterprise… Assuming the scenario mentioned, if we can open up a connection to the OS, making it believe that its opening up access to a USB disk, a binary is pumped in, which claims some famous AV company has provided you a free trial courtesy of Google… what then… the customer can be compromised and his “account” be used for bot purposes. Of course, once the damage is done you can remove the binary and break the link to the bot network.
The point being, security is an ongoing process. And the weakest link is an uninformed user, until that changes, whether it be Google chrome OS or Microsoft/Ubuntu/fedora/Unix… everything has a security hole: the human factor.
Till next time.