Pinterest Stumbleupon Whatsapp
Ads by Google

Google’s ChromeOS, at first glance, is something of a touchdown for operating system security.  It’s probably the most secure operating system in the world (at the cost of some limited functionality Everything You Need To Know About Switching To A Chromebook Everything You Need To Know About Switching To A Chromebook Chromebooks run a slimmed-down operating system optimized for getting on the web with just the Chrome browser and Chrome apps. Can you switch to a Chromebook? Read More ).  Unfortunately, ChromeOS isn’t a panacea, and serious security concerns about the platform remain.

First, though, the good news:

ChromeOS (the stripped-down linux operating system that runs on inexpensive Chrome-branded netbooks Toshiba CB35-A3120 Chromebook Review and Giveaway Toshiba CB35-A3120 Chromebook Review and Giveaway You can get some really cheap Chromebooks if you're fine with getting an 11.6-inch display. Read More ) has a bunch of really nice features for security-conscious users.  The bootloading code is stored in read-only memory, and checks the digital signature of the OS kernel prior to boot-up (the “verified boot” feature).  Because the bootloader is in ROM, hackers can’t possibly modify it without physically tampering with the chip.  If the system files fail the check, the bootloader will simply reset the entire machine to factory settings, destroying any malicious code that might have been inserted.

chromebookbootup

The security of the platform is further strengthened because it’s based on web apps, which are run in a sandbox: their threads and memory are kept separate, theoretically preventing a malicious web app from accessing information or taking control of other apps.  System updates containing security fixes are applied automatically and invisibly when the computer is connected to the network, to ensure that Chromebooks are always up to date.  There are even a few security options Securing Your Chromebook With Two Easy Tweaks Securing Your Chromebook With Two Easy Tweaks One of the most touted benefits of a Chromebook is its security. But are there any steps that owners can take that will improve and enhance the current level of protection? Read More you can enable to protect the device from attackers with physical access to the device.  Trying to get malware onto a ChromeOS machine is not an enviable task.  You can read more about the security of the ChromeOS platform here.

So what’s the problem?

Ads by Google

You Can’t Trust the Sandbox

Unfortunately, the security offered by web sandboxing is largely informal and unproven.  Plenty of sandboxes, including Java, have had bugs discovered that allowed applications to get out of them and execute arbitrary instructions on the machine.  Chrome itself has had sandbox-breaking attacks demonstrated against it by black-hat hackers.  Those specific exploits are now fixed, but there’s no guarantee that there aren’t more.  Rik Ferguson, a security researcher, puts it like this:

“Exploits that break out of sandboxing have already been demonstrated for Internet Explorer, for Java, for Google Android and of course for the Chrome browser (to name but a few), while the Google sandbox is effective, it is not impenetrable and to rely on it for 100 per cent security would be short-sighted.”

chromelapelpin

The worst offender here is the interactive web, particularly webGL, an implementation of OpenGL (a common graphics library) intended for use in web browsers.  WebGL lets you run graphically impressive 3D demos from your browser, which is really cool (such as these examples), but, unfortunately, it’s also a nightmare for security.  WebGL allows web apps to send arbitrary shader instructions to the video card of the machine, which allows a whole imaginative rainbow of possibly sandbox-breaking exploits.  Microsoft’s official position is that webGL is too insecure for internal use:

 “The security of WebGL as a whole depends on lower levels of the system, including OEM drivers, upholding security guarantees they never really need to worry about before. Attacks that may have previously resulted only in local elevation of privilege may now result in remote compromise. While it may be possible to mitigate these risks to some extent, the large attack surface exposed by WebGL remains a concern. We expect to see bugs that exist only on certain platforms or with certain video cards, potentially facilitating targeted attacks.”

You Can’t Trust the Cloud

Even worse than possible threats against the sandbox, though, is the nature of the platform itself.  Chromebooks, by design, depend heavily on the cloud.  If you accidentally destroy your Chromebook (by, say, stepping on it or dropping it into a lake of molten rock), your data isn’t gone.  You can just buy a new one, log in, and get all of your data and settings back.

Unfortunately, this exposes users to considerable risk on the cloud side of the equation. Sean Gallagher of Ars Technica points out in his editorial “Why the NSA Loves Google’s Chromebook,” we know that the NSA has had (and may still have) invasive backdoors into Google’s cloud storage, and can use that to spy on all of the files of Drive users, including those using Chromebooks. As Gallagher puts it,

None of this is necessarily Google’s fault. But it’s a weakness of the browser as platform—by pushing nearly all the computing resources for applications, besides presentation, back up into the cloud, the Chromebook model creates a one-stop shop for attackers or observers to inject themselves into your computing world.”

It’s not just the NSA, either.  While the trusted bootloader can protect you from persistent, malicious modifications to the operating system that report on your doings, even a single security breach by a web app could be enough to steal your keys and authentication details, which an attacker could then use to access your cloud data and browse it at their leisure.

oldschoolencryption

Native Apps are Coming

To make matters worse, ChromeOS’s sandbox isn’t a particularly pure paradigm: the browser extensions that run on top of web pages, like Adblock Plus and Google Translate are native code running on the machine, and they can do all kinds of nasty things (including displaying adware and spying on your passwords).  There are even extensions you can download that detect and remove other malicious extensions – a form of the anti-virus software that ChromeOS isn’t supposed to need.  To Google’s credit, ChromeOS will only install apps from the Chrome extension store that have already gotten through Google’s approval process.  Unfortunately, that vetting process relies on human judgement, and the guarantees provided by that vetting are much weaker than those provided by good sandboxing.

It gets worse:  Google plans to implement native apps in the form of Android apps, run in ChromeOS via an interface layer.  These would be native apps that introduce a whole breadth and depth of security concerns to ChromeOS, and those security concerns are made more serious by the relative vulnerability of the cloud to key theft.  Breaches are more serious when they’re invisible and persistent.

androidchromebook

Now, of course, any Android apps allowed onto ChromeOS will presumably be carefully vetted by Google’s team for malicious code, but that’s simply not a strong enough guarantee to hang the security of the machine on.  Even if the code isn’t malicious, they’ll almost certainly come with their own exploits and vulnerabilities that could be used to gain access to the operating system.  Native code is dangerous, and violates the security principles that are intended to keep ChromeOS safe.

ChromeOS: Secure, But Concerns Exist

It’s worth taking a moment here to reiterate that ChromeOS is very secure.  If you’re using Windows, Linux, or OSX, ChromeOS is leaps and bounds more secure.  In fact, that’s true of basically every operating system except Plan 9, a hyper-secure operating system so obscure that it avoids malware at least partially by not having any ‘ware’ to speak of.  However, don’t take that as an excuse to be careless: serious security concerns about ChromeOS remain, and it’s worth being mindful of them when you trust your computer with sensitive information.

Image credits: Hacker with a Laptop Via Shutterstock, “Chrome Lapel Pin” by Stephen Shankland, “Chromebook“, by slgckgc, “Chromebook foto test“, by ?? ?, “Kryha-Chiffriermaschine, Kryha-Encryption Device“, by Ryan Somma

  1. lolz
    August 23, 2016 at 5:41 pm

    ChromeOS is the weakest operating system iv ever seen. it can be hacked simply by knowing the chrome books owner google username and password. something that can be easily done.

  2. Walker Rowe
    August 11, 2016 at 6:10 pm

    Are you kidding? You are saying that ChromeOS is not safe because of the cloud? People with Mac and Windows use the cloud too. So that's not an argument to make.

  3. Travis Hodge
    November 8, 2015 at 9:51 pm

    Chrome OS actually does sandbox plugins, extensions and native apps, as well as web-based code, so that last point is moot.

  4. Hayden
    October 15, 2014 at 8:03 am

    Was Plan9 ever even considered a complete os, let alone a secure one??

    I'll stick with Gentoo and Arch/Parabola GNU/Linux with LVM and LUKS encryption

  5. J V
    September 3, 2014 at 12:31 am

    ChromeOS is leaps and bounds more secure than Linux? Lots of fail in that assertion. They took Gentoo Linux and Scroogled it.

    • Michael
      September 5, 2016 at 1:12 pm

      Except ChromeOS is good, unlike every Linux distro out there.

  6. pmshah
    September 2, 2014 at 3:48 am

    "Because the bootloader is in ROM, hackers can’t possibly modify it without physically tampering with the chip."

    Are you kidding ? When one talks about ROM one supposedly talks about "Masked-ROM", nor EEPROMs or plain old EPROMS. The first could only be altered by applying special high voltage to a specific pin, absent in all chrome books or notebooks, and the latter could be erased by exposure to UV for a certain length of time. On the other hand a "Masked-ROM" simply can't be modified, no matter what you do,even by physically tempering with it like desoldering it from the motherboard and trying any kind of trick.

    Embedded Win Ce devices like the PDAs of yesteryears, Casio - Cassiopaea for one, always incorporated such roms to hold the factory default OS. This would get loaded in memory to function either on first time use or if the battery was completely discharged and all memory content was lost. You could even force it to if you needed to.

    @Slashee the Cow
    I know what it feels like to get BSOD on update. I also had the same problem. The culprit was always the driver update for ATI graphic chips. They have been nothing but trouble and can't simply be removed. Don't update them and you won't have any problems.

  7. MFR
    September 1, 2014 at 11:25 pm

    See Epic or Tor browsers and tell me more about security :)

  8. Bud
    September 1, 2014 at 5:33 pm

    Dragonmouth ..........."most secure ???" I've had Windows and now use OS X and for security, I'll stay with Apple's OS X's. Like anything new, there are ALWAYS bugs, like the constant need to patch Windows flaws EVERY freakin' month !!!

  9. REOqueens
    September 1, 2014 at 4:09 pm

    soooooo, is some sort of solution being proposed? This is merely an observation - ok, good. So what? There neither is nor will be a perfect platform. In the meantime, I can travel out of the country with my Chromebook and feel reasonably safe from malicious hacking. As Andre says above, it's cheap, the battery life is wonderful and it does almost everything I need done. It is the perfect business traveling companion combined with a flashdrive. Regarding the installation of updates and the "choice" of Windows updates on a regular computer: most people automatically install - we have no idea which are beneficial or not, therefore the automatic installation of CB updates is a bonus!

  10. Mark Fugly
    September 1, 2014 at 5:30 am

    So you or we, might someday have to deal with a bug on Chrome, and since you think there **might** be more flaws in Chrome, despite the fact that you do not know of any, you are going to call Chrome insecure, and attempt to make your assumptions sound like fact.

    I think you are talking out of your ass. Why aren't you telling people that you are making all kind of unsubstantiated, claims here? What you just did is start rumors and innuendo. I'm glad you are not a doctor. You'd be making people commit suicide by predicting the they are going to end up with cancer simply because xx% of the population does.

    Better yet, you sound like those scientists that have fudged their data on the climate in an attempt to make the data backup their beliefs, even though it really doesn't, but despite the fact that the data is and was corrupted by them, they still want us all to believe the climate if going to start the oceans boiling. Rubbish.

    And so is this article.

  11. DeadlyOwnage
    August 31, 2014 at 8:04 pm

    " ChromeOS Is Not A Computer, Its A Horrible Browser With More That Enough Security Flaws That A Hacker Can Crack At " - DeadlyOwnage

  12. bnjohanson
    August 31, 2014 at 11:26 am

    This sounds really great for people that have mustered enough courage to take the next step from video game consoles, T.V. Guide crossword puzzles, supporting newly accepted students to Romper Room/required The Beast to bring you here, and just prior to tackling the pastel colours and developing the remedial mindset required to effectively expose oneself to Apple products and come out the other end with a semblance of confidence...

    • Andre I
      September 1, 2014 at 10:56 am

      Sorry, I think you slipped into markov chain in the middle there. Not sure what you're getting at.

  13. olman60
    August 31, 2014 at 8:07 am

    No OS is 100% secure. However I invite you to challenge Google. They offer millions to hackers who can break Chromebook security.
    Moreover since I have my CB, my Windows laptop is getting dust. I

  14. dragonmouth
    August 30, 2014 at 8:51 pm

    " It’s probably the most secure operating system in the world"
    If you don't mind Google looking over your shoulder 24/7/365.

    "System updates containing security fixes are applied automatically and invisibly when the computer is connected to the network,"
    Auto updates are a double-edged sword. Yes, they may keep your Chromebook up to date but what happens when the update turns out to be bad, as has happened with Windows Updates in the past? Does Google automatically back it out and apply a good one?

    "Microsoft’s official position is that webGL is too insecure for internal use:"
    If even M$ thinks something is insecure then it must be a real humdinger of a security threat!

    So basically the customer buys the Chromebook hardware but Google controls everything. At least with a Windows PC the user can refuse to install updates and choose what apps to install and use.

    The Chromebook experince sounds to me like the intro to the original Outer Limits TV series:
    "There is nothing wrong with your television set. Do not attempt to adjust the picture. We (Google) are controlling transmission. If we wish to make it louder, we will bring up the volume. If we wish to make it softer, we will tune it to a whisper. We will control the horizontal. We will control the vertical. We can roll the image, make it flutter. We can change the focus to a soft blur or sharpen it to crystal clarity. For the next hour, sit quietly and we will control all that you see and hear. "

    The bottom line is that for now Chromebooks MAY BE secure, but there are many possible exploits and vulnerabilities that can make them very insecure very quickly.

    • Slashee the Cow
      August 30, 2014 at 11:48 pm

      "At least with a Windows PC the user can refuse to install updates"
      Not recommended. Unless you hear about an update causing BSODs (alas, I only heard about that after I installed it and got a BSOD every time I booted my computer).

      With the plethora of attacks for Windows and the constant development of new ones based on its large market share, not keeping your Windows installation up to date isn't a very good idea... unless you trust some random hacker more than you trust Google.

    • olman60
      August 31, 2014 at 8:33 am

      I agree with you regarding system updates. However I never experienced any problems with system updates on my CB since 2 years. There are 3 channels: development, beta an stable.

      Google looking over your shoulder? stay away from Internet and traditional PC is a useless device for the majority of people. When you are connected, you loose your privacy, no matter what you believe.

      WebGL may be insecure with some Windows or MAC openGL drivers. CB come with well tested GPU therefore webGL is magnitude more secure on Chromebook than on any other devices. There is a GPU blacklist for WebGL.

  15. hullo
    August 30, 2014 at 8:25 pm

    I returned my Chromebook. Its to most useless device I ever used.

    • Andre I
      August 30, 2014 at 9:10 pm

      I do all of my work from one: it's inexpensive, the battery life is great, and it does what I need, but yeah, the platform does have serious limitations.

    • Stefan G
      September 1, 2014 at 1:20 pm

      If I ever get a chromebook,I will install linux because I agree software is bad,but hardware is cheap and powerfull so I will get powerfull linux system for low price

    • Angela A
      September 2, 2014 at 10:04 am

      Weird to hear that! I love mine.

    • Dylan
      March 12, 2015 at 6:45 pm

      Had Mine for over a year very useful I only use it for browsing and secure things anyways use ubuntu linux on most of my other systems

Leave a Reply

Your email address will not be published. Required fields are marked *