It should as long as it supports HMAC-SHA1 Challenge-Response. We do include support for HMAC-SHA1 and the standard yubikey 2FA using YubiCloud. The latter does require internet access but no additional setup by the end user. It's now up! Tinfoiled Linux Beta has been uploaded to our website over here. If you have any feedback on it please let me know!! GuardianRom is being uploaded again right now. The delays are now over with
Hi, I'm not sure if it is just me, but I find the website (shadowcatconsulting.com) horribly confusing. In the news section it tells me the rom was uploaded on 2014-08-14, I have checked the download page multiple times since then and it always shows the files are currently uploading. The current documentation file links to a download page that doesn't even exist. After lots of clicking around I found an installer, but I still was not able to find any link to the source code ("The ROM is completely Open Source"). By the way I am a bit surprised that a site about security doesn't use ssl encryption as a default.
I haven't been able to get on lately to explain everything in detail. It's a very long story and I will post on the site to explain everything when I have a chance. Few things to note: The current site at: www.guardianrom.com is a temporary site, as I am not a webdesigner, nor do I have the time to dedicate to keep a site up to date so I am using SquareSpace. Squarespace sadly doesn't allow use of SSL. I am looking for another host (if you have any recommendations shoot them my way via a PM). I am the sole developer of the project - This is why things are moving so slowly. Up until recently I also had a Full Time (40 hour a week) job. GuardianRom Beta is ready to be released. It was uploaded on 2014-08-14 but due to some unforeseen events (medical) happening I was unable to finish posting everything and getting it out to you all. Source-Code for the kernel will be uploaded first as it is the quickest. Once we have our own servers we will host the code for the whole OS - making it fully open-source. We need help. If anyone here knows android development or Linux Kernel development and can help me get this out faster that would be awesome. As mentioned before the two slowest things right now are porting Hidden-OS and GRSecurity patches over to KitKat. As a one man-developer team this stretches me pretty thin. Keep an I on the site. I should be able post links soon. I won't be home until Friday but after that everything should, hopefully, go back to normal. I am hoping to get this out by Friday at the latest. Since I couldn't be at home, and haven't been, since August 15th, I have not been able to login to the site and post the links. I don't have access to a secure network or the GuardianRom GPG keys where I am currently. EDIT: Website updates are underway. The site may be down for the next few hours while everything switches over to the new host. I have also purchased SSL certificates and I am preparing a server for TOR hidden services for those whom want to remain fully anonymous.
So, does Guardian Rom protect against this? https://www.wilderssecurity.com/threads/bogus-cellphone-towers-found-in-the-us.367788/
I am working on this. The beta which is being released shortly will not have this ability just yet. The full version will have this. On software based installs (which includes the Nexus phones) we are doing this as part of the firewall. If we detect that encryption is being turned off on the 3G interface then we will alert the user (and optionally deactivate 3G all together). Once we have our own handset made (which we are working on and is part of the reason for the last set of delays) we will include the firewall but we are also hoping to have a removable 3G Modem. When the user needs to they can insert the modem and use the cellular network, when they need heightened security the can just pull it out and go WiFi only. This would be good to use with hiddenOS too. HiddenOS is used without the modem and for super sensitive stuff, while decoyOS is used day-to-day activities and with the 3G modem. Our partners are open to the idea, more so than I thought they would be. EDIT: Also our latest updates: https://www.guardianrom.com/?page_id=2376 and our site is fully HTTPS now as we switched providers and hosts.
Agreed! Oh and since I haven't been able to upload it to the website just yet here is the latest Nexus 5 beta release: https://drive.google.com/file/d/0B0FVANQaN9CkNlI0eFJJcUtSTUE/edit?usp=sharing sha256: ee8aa993e36ebfc6b0280ba73a9d4862f7236eabf378de5bad05f7aa1239ed0d Missing: HiddenOS ChatSecure (working on this but chatsecure keeps crashing I am going to talk to the developers). Firewall UI Security Centre UI Everything else should be there. Working on the reset as I type. Encryption right now is still enabled under the settings app. Once the full version is done the user will be prompted on first boot to enable it (and there will be no skip option). How to install (ALL DATA WILL BE WIPED FROM THE PHONE!!): Download the zip from the link above and extract it. Navigate to the folder in terminal (Linux/Mac) or CMD (Windows). Flash using fastboot. [In an admin command prompt (windows) or terminal (Mac/Linux)] fastboot oem unlock fastboot erase boot fastboot erase system fastboot erase userdata fastboot flash boot boot.img fastboot flash system.img fastboot oem lock fastboot continue
Any idea if/when the os will be compatible with the larger "phablet" type phones (notes, mega, LG optimus G pro)?
Well I am hoping the new Nexus phone this year will be a phablet if not I will work on porting over to the new Moto X as it's a 5.2" inch display. Nexus phones are easier as they have an AOSP source tree to work from. Stay tuned though once the source code is online I am sure someone will port it to the Note Line of devices.
Nice work! Thanks for all your hardwork on this .This is definitely a huge project to take on. Any idea when the downloads on the new page will be up?
Great work. I wish I knew kernel development so I could help, quite a project for a one man team. Will this new hardware partner change the plan of relaunching the Kickstarter campaign? I look forward helping out how I can. Cheers
Thanks for the support! It is a huge project, but it is something I need myself too so may as well open it up when we are at it New Downloads page will be up shortly. Working out the kinks, GPG keys have been issued and will be posted online, also making a warrant canary so we can alert users if we are ever court ordered to do anything. Thanks for your support! We are going to relaunch the kickstarter. Part of the goal is to release the beta build (which is posted here) onto the website, get some media attention/publicity, and then launch. We are going in at a lower goal this time (like $5,000 instead of $30,000). If we hit our goal of $5,000 I am sure we will surpass it like most kickstarter projects do. Plus all we really need to do is show we have a following. The more pledges we get the more likely we can get a manufacturer to sign on with us. Not to worry as we have schematics and 3D models of the phone already made. We know what we want in a secure phone and are excited to work on a hardware level. There is only so much you can do in software. We also need marketing people and designers. So if you are looking for ways to help send me a PM The new kickstarter has to be done right from the beginning. We need proper graphics and layout and marketing It will be happening very soon though
Wishing here... Chainfire and Franco hop on board I found ChatSecure buggy, running Xabber with OTR now, no problems.
Nice In addition to a (perhaps) more newb friendly marketing I would also suggest more technical details for advanced users. Afaik the list of features for Guardian Rom from last kickstarter was incomplete and missing some details/features which could attract more techies.
Agreed. I am not good at marketing as you can tell I am going to get someone else to do that this time around.
What is the current status of this project, and do you have a ROM that will work on the Samsung Galaxy S4..?!
Sorry everyone, I have been crazy busy with the project. Since the last time I posted major things have happened behind the scenes. We now have a partner in the mobile space that is helping us move this along faster and get more traction. Don't worry. Everything will still be open-source and I still own everything and that will never change. I would sooner shutdown the project then betray the openness of it. The good news is our partner is interested in bringing a hardware "GuardianPhone" to the market as well, this is why the last string of delays happened. I will have much more to announce soon. Keep an eye out for new updates. I will keep posting every chance I get. Stable is coming very soon as we now have multiple developers working to get HiddenOS ported as well as the rest of the security suite. At this time I can't say much more. I am very excited about the next few weeks and I can't wait to share it with you. Jared_Parrish please PM and I will try and help you out with that.
Galaxy Nexus sadly uses a system on a chip that is no longer supported. Its hard to maintain builds against it because of this.
please make sure to list all supported devices once this baby goes gold i hope this will also work on sony z2 and z2 tablets which im planning on getting and its future iterations, em tablets could deffinitely go for the proper security update> oh and btw ive been doing abit of thinking about your new airgapped project , tbh im not sure if this is anything you should be wasting your time on that should be invested in the main project , ill tell you why its because theres already systems in place that take care of those issues ,systems such as > Tails volatile live cd whonix , has all the goods of Tails minus the volatility and as last contender id put in qubes as main OS once proper windows support gets implemented and it goes gold it sure seems great so you see even for airgapped systems theres still alot of options , not to mention the need for having an airgapped system in the first place is of little need at all as long as your using a proper firewall such as pfsense with tight rules in combination with a 64 passphrase high entropy wpa2-psk tunnel on your wifi now unless ive missed something then please do tell as always where all here to learn or atleast i am
Hey Happyyarou666, I will make sure a support list is up as soon as we are done. We have made huge progress on getting it ported over. Currently EVERYTHING including hidden OS works on 4.4.4. This is good, because it is the most stable version of Android right now that is supported on the most devices. If you want 5.0 don't worry. Everything is also ported to 5.0 except for hiddenOS which will take some time to port over. We recommend users stay with 4.4.4 as it is more stable, less likely to have bugs and we will backport any security patches from 5.0. As for the Airgap. That was just released as it is the system developed for GuardianRom. I used it to access and use the GPG Signing keys for GuardianRom. None of the tools you mention give you an Airgap, they just give anonymity. An Airgap means there is NO connectivity at all except for USB or CD. Physical access only. In this case the current system has actually changed a bit. We use Debian Hardened with GRSecurity installed to an HDD with all networking disabled and all USB Devices disabled through GRSecurity. RBAC is employed as well. This harddrive is stored in a secure safe in a hidden location. The GPG Keys are kept on a separate encrypted DVD-Rom that is hidden else where. The machine has no WiFi card or Ethernet (both physically removed). The computer is stored and access in a room that is shielded with RF Shielding material to help ward off TEMPEST Style attacks. No other electronic equipment enters the room (phones, laptops, disks, etc.) The room is locked at all times with me being the only one with access. Why do all of this? Because projects like GuardianRom and some of my other works could grab the attention of 3 letter agencies. Your threat models may or may not be the same as mine, but when working on a project that will protect people I want to have as much security as possible. My threat model is landscaped as being worse-case (NSA). Why an air-gap when firewalls are in place? Because, the only "hack-proof" computer is the one that isn't online. We use airgaps to shift the attack vector from being remote to forcing it to be physical access (increasing time and effort of an attack exponentially). This way we control what the attacker can do and will know as soon as they try and get access as we have additional alarm systems and security systems in place including tamper resistant tags and Security Cameras.
Congratulations again What's the best device now for v4.4.4? Or the best ones, with some pros and cons for each? Or a URL that you recommend about that How far out is your custom hardware with locked-down and/or removable radio? Months? Years?
Nexus 5 or Nexus 4. I recommend the Nexus 5 personally as it is a very nice phone for the price. Nexus phones are better, as they are designed to be open and we can pull AOSP sources directly from the android project. Other devices take longer to support. Our hardware is roughly 4-5 months out if all goes as planned. We have a partner in place, but we need to get capital/funds in order to pay for the parts. We are going to do a few things. One the modem is locked down and our hardened kernel prevents the modem from manipulating the system as much as we can in software. Two the modem can be removed by the user, heck we are even planning on offering a model that is cheaper and doesn't include the modem making the modem an optional purchase entirely.