Page 13 - FIGI: Security analysis of the KaiOS feature phone platform for DFS applications Security, Infrastructure and Trust Working Group
KaiOS has a simple architecture with very few layers. This makes it simple and lightweight, but it goes against the principle of defense in depth.

4.2 Rooting and missing root detection

Rooting a phone consists in changing its configuration such that users can get full control of the software on the phone.

Many KaiOS phones have a relatively hidden feature that allows debugging of the phone and which can sometimes be used to root the phone. Other KaiOS phones allow copying files to the phone over USB in a way that can be abused to root the phone. However, some more recent phones are known to not be rootable. More details can be found on the web pages of the BananaHackers [5].

One motivation for rooting a KaiOS phone was to install a WhatsApp application when it was not yet officially available on KaiOS.

Rooting is considered dangerous as it could allow controlling and modifying the behaviour of installed applications or spying on their communications. Rooting can be particularly dangerous if it can be achieved by a third party, without the knowledge of the phone's user. In such a scenario, a remote attacker could root the phone and then take control of a financial app, for example.

In smartphones, applications can detect if a phone is rooted, or jailbroken in the case of Apple phones. The operating system provides a functionality to detect rooting. On Android this functionality is called SafetyNet. Many financial applications will refuse to run or be installed on a rooted smartphone.

There is no specific API in KaiOS that would allow detecting if a phone was rooted.

4.3 Missing security features

Modern smartphones have two security features that greatly improve the security:

4.3.1 Trusted Execution Environment (TEE)

The TEE, also called secure enclave, is a specific hardware module that can store secrets and keys and execute cryptographic operations with the keys. If an application, or even the operating system, was compromised, it would still be virtually impossible to steal the secrets stored in the TEE.

TEEs are also used in smartphones to lock the phone securely. They hold the key that is used to decrypt the phone's content and prevent brute-forcing the PIN code or fingerprint used to unlock the phone. KaiOS phones typically have a four-digit PIN code that can be brute forced in a few hours.

The KaiOS API provides communication channels to secure elements, and in 2018 KaiOS partnered with a chip manufacturer that could provide secure elements for KaiOS phones [6]. Although current KaiOS phones do not seem to have this feature, it is possible that future versions will have it.

Finally, the SIM card is a secure element that is present on all mobile phones. An API for using the SIM card for authentication (mobile ID) existed for FirefoxOS, the precursor of KaiOS. Unfortunately, KaiOS has decided to not support this API.

4.3.2 No fingerprint scanner or face recognition

A known problem with phones is that it is difficult to type long and complex passwords. As a result, users tend to have short and more predictable passwords. To mitigate this, smartphones have different types of biometric scanners (fingerprint, face) that can recognise a user and then unlock the phone or an application, and give access to secrets stored in the trusted execution environment.

4.4 Faulty Software and little incentive to patch

Because of its simple architecture, vulnerabilities in applications can often have a large impact and can sometimes be exploited by a web page containing malicious JavaScript. See for example the report of NCC Group regarding the Alcatel Flip 2 phone [7]. Errors in applications added by the manufacturer allowed to:

i. Execute arbitrary commands with root privileges using an undocumented application,
ii. Change the parameters for Over The Air (OTA) updates with JavaScript from any web page,
iii. Disable the PIN of the lock screen by connecting to the phone with a USB cable.

One could argue that KaiOS phones are quite recent and that early smartphones also had their share of critical vulnerabilities. However, the push to make the phones affordable and their simplified architecture make vulnerabilities more probable and more devastating.

The cost argument is illustrated by the fact that Alcatel refused to fix the critical flaws listed above, as the phone model was nearing its end of life. Alcatel's resources were instead directed to fix the issue in newer models. The low price of the phones thus reduces the chances that vulnerabilities will be fixed.
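The following script is an added example and is not part of the FIGI report or of any KaiOS code; it illustrates the point made in section 4.3.1 above, that a four-digit PIN is only as strong as the component that holds the unlock key and counts attempts. It contrasts two constructed models: a "plain vault" where the PIN-derived verifier sits in ordinary storage (no TEE), so every guess is a local key derivation and the whole 10,000-PIN space is enumerable in seconds; and an attempt-limited keystore that models a TEE keeping the key inside and wiping it after a fixed number of wrong PINs. The PIN value, the salt, the KDF cost (`KDF_ITERATIONS`) and the attempt limit are all assumptions chosen for the demonstration; a real TEE also adds delays and hardware-enforced counters that this model simplifies away.

```python
"""Added example (not from the FIGI report): PIN-derived keys with and without
an attempt-limiting keystore. All parameters below are constructed for the demo."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed parameter: PBKDF2 cost per guess, kept low so the demo runs in a few
# seconds. A real phone would use a higher cost, but a 10^4 PIN space stays tiny.
KDF_ITERATIONS = 1_000
PIN_SPACE = 10_000  # every four-digit PIN, 0000..9999


def derive_key(pin: str, salt: bytes) -> bytes:
    """PIN -> 32-byte key via PBKDF2-HMAC-SHA256 (the step both models share)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, KDF_ITERATIONS, dklen=32)


def make_plain_vault(pin: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Model without a TEE: salt and PIN-derived verifier are readable from storage."""
    salt = salt or os.urandom(16)
    return salt, derive_key(pin, salt)


def offline_brute_force(salt: bytes, verifier: bytes) -> Tuple[Optional[str], int]:
    """Enumerate every PIN against the extracted salt/verifier pair.
    Returns (pin_found, guesses_made). Nothing limits this loop, which is the
    situation the report describes when the unlock key is not held in a TEE."""
    for n in range(PIN_SPACE):
        pin = f"{n:04d}"
        if hmac.compare_digest(derive_key(pin, salt), verifier):
            return pin, n + 1
    return None, PIN_SPACE


class AttemptLimitedKeystore:
    """Model of a TEE-held unlock key: the key never leaves this object, wrong PINs
    are counted, and the key is wiped after `max_attempts` consecutive failures."""

    def __init__(self, pin: str, max_attempts: int = 10) -> None:
        self._salt = os.urandom(16)
        self._verifier = derive_key(pin, self._salt)
        self._key: Optional[bytes] = os.urandom(32)  # the secret the TEE protects
        self.max_attempts = max_attempts
        self.failures = 0
        self.wiped = False

    def unlock(self, pin: str) -> Optional[bytes]:
        """Return the key on a correct PIN, None on a wrong one; raise once wiped."""
        if self.wiped:
            raise PermissionError("key wiped after too many failed PIN attempts")
        if hmac.compare_digest(derive_key(pin, self._salt), self._verifier):
            self.failures = 0
            return self._key
        self.failures += 1
        if self.failures >= self.max_attempts:
            self.wiped = True
            self._key = None  # hardware-backed wipe: the key is gone for good
        return None


def guesses_until_wipe(store: AttemptLimitedKeystore) -> int:
    """Feed sequential PINs to the keystore and count how many it accepts before it
    either releases the key or wipes it. With an attempt limit of 10, a sequential
    guesser gets 10 tries out of 10,000, not the whole space."""
    guesses = 0
    for n in range(PIN_SPACE):
        result = store.unlock(f"{n:04d}")
        guesses += 1
        if result is not None or store.wiped:
            break
    return guesses


if __name__ == "__main__":
    demo_pin = "7351"  # constructed value
    salt, verifier = make_plain_vault(demo_pin)
    print("no TEE, offline enumeration:", offline_brute_force(salt, verifier))
    store = AttemptLimitedKeystore(demo_pin, max_attempts=10)
    print("TEE model, guesses before wipe:", guesses_until_wipe(store), "wiped:", store.wiped)
```

The contrast is the whole point of the TEE discussion: with the verifier readable, `offline_brute_force` walks the entire space unhindered, while the attempt-limited store bounds the number of PIN trials regardless of how cheap each guess is. The cost of each guess (`KDF_ITERATIONS`) only scales the "few hours" figure; the attempt counter is what changes the outcome.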