Home Security Android 14 Adds New Security Features to Block 2G Exploits and Baseband Attacks

Android 14 Adds New Security Features to Block 2G Exploits and Baseband Attacks

by


Oct 03, 2024Ravie LakshmananMobile Security / Technology

Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks.

The cellular baseband (i.e., modem) refers to a processor on the device that’s responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile phone cell tower or base station over a radio interface.

“This function inherently involves processing external inputs, which may originate from untrusted sources,” Sherk Chung and Stephan Chen from the Pixel team, and Roger Piqueras Jover and Ivan Lozano from the company’s Android team said in a blog post shared with The Hacker News.

“For instance, malicious actors can employ false base stations to inject fabricated or manipulated network packets. In certain protocols like IMS (IP Multimedia Subsystem), this can be executed remotely from any global location using an IMS client.”

Cybersecurity

What’s more, the firmware powering the cellular baseband could also be vulnerable to bugs and errors that, if successfully exploited, could undermine the security of the device, particularly in scenarios where they lead to remote code execution.

In a Black Hat USA presentation last August, a team of Google security engineers described the modem as both a “fundamental” and “critical” smartphone component with access to sensitive data and one that’s remote accessible with various radio technologies.

Threats to the baseband are not theoretical. In October 2023, research published by Amnesty International found that the Intellexa alliance behind Predator had developed a tool called Triton to exploit vulnerabilities in Exynos baseband software used in Samsung devices to deliver the mercenary spyware as part of highly targeted attacks.

The attack involves conducting a covert downgrade attack that forces the targeted device to connect to the legacy 2G network by means of a cell-site simulator, following which a 2G base station transceiver (BTS) is used to distribute the nefarious payload.

Google has since introduced a new security feature in Android 14 that allows IT administrators to turn off support for 2G cellular networks in their managed devices. It has also highlighted the role played by Clang sanitizers (IntSan and BoundSan) in hardening the security of the cellular baseband in Android.

Then earlier this year, the tech giant revealed it’s working with ecosystem partners to add new ways of alerting Android users if their cellular network connection is unencrypted and if a bogus cellular base station or surveillance tool is recording their location using a device identifier.

The company has also outlined the steps it’s taking to combat threat actors’ use of cell-site simulators like Stingrays to inject SMS messages directly into Android phones, otherwise called SMS Blaster fraud.

“This method to inject messages entirely bypasses the carrier network, thus bypassing all the sophisticated network-based anti-spam and anti-fraud filters,” Google noted in August. “SMS Blasters expose a fake LTE or 5G network which executes a single function: downgrading the user’s connection to a legacy 2G protocol.”

Cybersecurity

Some of the other defenses the company has added to its new Pixel 9 lineup include stack canaries, control-flow integrity (CFI), and auto-initialization of stack variables to zero to avoid leakage of sensitive data or act as an avenue to gain code execution.

“Stack canaries are like tripwires set up to ensure code executes in the expected order,” it said. “If a hacker tries to exploit a vulnerability in the stack to change the flow of execution without being mindful of the canary, the canary “trips,” alerting the system to a potential attack.”

“Similar to stack canaries, CFI makes sure code execution is constrained along a limited number of paths. If an attacker tries to deviate from the allowed set of execution paths, CFI causes the modem to restart rather than take the unallowed execution path.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex