'

Google Fuchsia: Here's what the NSA knows about it

Fuchsia is Google's mystery operating system. At the recent Linux Security Summit, the NSA revealed what they've found out about it to date.

A while back, Google told us Fuchsia is not Linux. There have also been endless rumors, with little hard proof, it will eventually replace Android. Other than that, we don't know much. But the National Security Agency (NSA), of all groups, has been checking into Fuchsia and revealed its findings at the recent North American Linux Security Summit in Vancouver, B.C.

Also: Pixel 3, Google Home Hub and Pixel Slate: Everything Google just announced CNET

Fuchsia is a modular operating system

James Carter and Stephen Smalley of the NSA showed off some Fuchsia secrets. Their focus was on security in Fuchsia and Zircon, its underlying micro-kernel.

Zircon started as a fork from the Little Kernel, the Android bootloader. It's been heavily modified to become a micro-kernel operating system. It now includes a small set of userspace services, drivers, and libraries. These are used to boot the system, talk to hardware, load userspace processes and run them, and not much more. The kernel manages several different object types. Those that are directly accessible via system calls are C++ classes. Fuchsia is built on top of this.

It's a modular operating system. This implies you'll be able to use it on low-powered, minimal-resource devices all the way up to PCs. You simply add the object modules for more functionality.

It looks like Unix/Linux

Fuchsia also supports a subset of Portable Operating System Interface (POSIX) conventions.

This means, from a developer's viewpoint, it looks like Unix/Linux. Fuchsia uses Google's Flutter as its software development kit (SDK). With it, you can build Chrome OS and Android apps. Fuchsia also supports Apple's Swift language .

Also: Google Home: A cheat sheet TechRepublic

Numerous security issues

Smalley and Carter's job is to investigate operating systems and software for potential use in national security jobs. In short, to see if it's easy to break. The NSA doesn't want the government using fragile systems.

Carter also helped create SELinux, the most secure approach to running Linux. In checking out Zircon and Fuchsia, they shared their discoveries about the operating system.

First, they found that Zircon is the only part of Fuchsia that runs in supervisor mode. Everything else -- drivers, filesystems, network, etc. -- run in user mode. This means programs on Fuchsia will take a very different approach than they do on most operating systems.

While looking deeper, they also found numerous security issues. For example, Carter said, "You can acquire a handle to anything in that job or any child jobs," and, naturally enough, "a leak of root job handle is fatal to security."

Much work needs to be done

Fuchsia's issues are big enough that, as of this summer, it was far from being ready for production. As Carter explained, Fuchsia is very much a "work in progress" system and "a lot of work needs to be done" before Fuchsia is secure.

Compared to Linux, the still-immature Fuchsia is far from secure.

But, Carter remarked, while "much work" needs to be done, it can be made secure, and he encourage open-source developer to help Google lock Fuchsia down.

Immature or not, Fuchsia might soon be running on the forthcoming Google Home Hub.

Also: Google Home Hub says no to smart-home cameras in your bedroom CNET

Is Fuchsia inside Google Home Hub?

Home Hub is a new Internet-of-Things (IoT) device. It's essentially a Google Home with a 7-inch touchscreen. It includes a fabric-encased full-range speaker, a light sensor, and two far-field microphones. It doesn't include a video camera. But, under the hood, it will sport a Amlogic S905D2 CPU instead of a Qualcomm SD624 SoC.

The good people at 9to5Google, who have been covering Fuchsia like hawks, put two and two together and started digging into the Google Home Hub's source code. They found traces of Fuchsia. Now, this doesn't mean it will arrive under your Christmas tree running Fuchsia, but it might!

Will you want to? No, based on what the NSA found, I'd say not. But, if you want to tinker with Fuchsia, it might be worth getting the new Google Home Hub.

Related stories: