1. Download our Official Android App: Forums for Android!

Mobile Authentication security on rooted device?

Discussion in 'Android Rooting' started by Sami Lehtinen, Jan 19, 2014.

  1. Sami Lehtinen

    Sami Lehtinen Lurker
    Thread Starter
    Rank:
    None
    Points:
    5
    Posts:
    3
    Joined:
    Oct 11, 2013

    Hi, I'm curious about mobile authentication security. How well the SIM card TEE communication is secured with different parts, like mobile network and user interface & inputs?

    I basically like concept of mobile auth & sign. But there are a few questions. Even if the trusted execution environment (TEE) software and it's secrets would be 100% secure, there's another problem, which is the actual device accessing the TEE module. How well the interaction between user and TEE is protected on OS level? What if device is rooted, what if it's operating system is backdoored? Are they still sure that this concept works flawlessly. If there isn't additional information about this protection, I would assume, it's not going to work and it is therefore inherently hackable. That's why having 100% separate hardware for authentication & message signing would be much more secure approach.

    Reference to one service, which claims it's secure, but I really do have my doubts about it.

    Reference service: Front page | Mobiilivarmenne
     

    Advertisement

  2. Rukbat

    Rukbat Android Expert
    Rank:
    None
    Points:
    843
    Posts:
    10,392
    Joined:
    Jan 16, 2012

    Jan 16, 2012
    10,392
    2,894
    843
    Male
    Being retired and writing Tasker tasks.
    Fayetteville, NC, USA
    Rule of thumb - if the armed guard at the door can't be completely trusted, no device in the room can be considered 100% secure.

    No device out in the world can be considered secure, regardless of the "security" software on it. Even Knox has security holes.
     

Share This Page

Loading...