When smartphone users download an app, they may be letting malicious software into their devices. Facebook has created Conceal to help.
The “secure digital” in “secure digital (SD) cards,” is an oxymoron. SD cards, commonly used for storing photos and other data on smartphones, are digital, but they are not secure. Facebook wants, however, to make SD cards secure for its users as well as for the open-source community.
When applications are installed on a user’s smartphone, they are sometimes installed on the SD card. When users give an application permission to write and read to their SD cards, that permission extends to any application or data on that card, as reported by Wired UK.
Facebook’s Conceal, is a software library built to perform fast encryption for “typical Android devices which run old Android versions, have low memory, and slower processors,” as stated on Facebook’s Conceal webpage.
Currently, Conceal is used to store Facebook users’ image files on an SD card in an encrypted format, which allows for data to be offloaded to the SD card in a secure manner.
Many SD card manufactures leave the ability to update their firmware unsecured, as explained in a Techcrunch article. This allows for malicious software to be run from an SD card, and users’ data can be copied to a hidden memory area. Firmware is a piece of code that is stored on the SD card, and it lets the SD card know what it can and cannot do.
If the SD card is updated with malicious software, it can also serve a man-in-the-middle attack device, as explained in a SC Magazine article.
Conceal is now available to any developer who wants to use it to protect users’ data from other applications and malicious code.