[ad_1]
Google has revealed the assorted safety guardrails which have been integrated into its newest Pixel gadgets to counter the rising menace posed by baseband safety assaults.
The mobile baseband (i.e., modem) refers to a processor on the system that is answerable for dealing with all connectivity, corresponding to LTE, 4G, and 5G, with a cell phone cell tower or base station over a radio interface.
“This operate inherently includes processing exterior inputs, which can originate from untrusted sources,” Sherk Chung and Stephan Chen from the Pixel group, and Roger Piqueras Jover and Ivan Lozano from the corporate’s Android group mentioned in a weblog submit shared with The Hacker Information.
“As an example, malicious actors can make use of false base stations to inject fabricated or manipulated community packets. In sure protocols like IMS (IP Multimedia Subsystem), this may be executed remotely from any world location utilizing an IMS consumer.”
What’s extra, the firmware powering the mobile baseband is also susceptible to bugs and errors that, if efficiently exploited, may undermine the safety of the system, notably in situations the place they result in distant code execution.
In a Black Hat USA presentation final August, a group of Google safety engineers described the modem as each a “basic” and “important” smartphone part with entry to delicate information and one which’s distant accessible with numerous radio applied sciences.
Threats to the baseband aren’t theoretical. In October 2023, analysis printed by Amnesty Worldwide discovered that the Intellexa alliance behind Predator had developed a device referred to as Triton to take advantage of vulnerabilities in Exynos baseband software program utilized in Samsung gadgets to ship the mercenary spy ware as a part of extremely focused assaults.
The assault includes conducting a covert downgrade assault that forces the focused system to hook up with the legacy 2G community via a cell-site simulator, following which a 2G base station transceiver (BTS) is used to distribute the nefarious payload.
Google has since launched a brand new safety characteristic in Android 14 that permits IT directors to show off help for 2G mobile networks of their managed gadgets. It has additionally highlighted the position performed by Clang sanitizers (IntSan and BoundSan) in hardening the safety of the mobile baseband in Android.
Then earlier this 12 months, the tech big revealed it is working with ecosystem companions so as to add new methods of alerting Android customers if their mobile community connection is unencrypted and if a bogus mobile base station or surveillance device is recording their location utilizing a tool identifier.
The corporate has additionally outlined the steps it is taking to fight menace actors’ use of cell-site simulators like Stingrays to inject SMS messages straight into Android telephones, in any other case referred to as SMS Blaster fraud.
“This technique to inject messages completely bypasses the provider community, thus bypassing all the delicate network-based anti-spam and anti-fraud filters,” Google famous in August. “SMS Blasters expose a faux LTE or 5G community which executes a single operate: downgrading the consumer’s connection to a legacy 2G protocol.”
A few of the different defenses the corporate has added to its new Pixel 9 lineup embrace stack canaries, control-flow integrity (CFI), and auto-initialization of stack variables to zero to keep away from leakage of delicate information or act as an avenue to achieve code execution.
“Stack canaries are like tripwires arrange to make sure code executes within the anticipated order,” it mentioned. “If a hacker tries to take advantage of a vulnerability within the stack to vary the movement of execution with out being aware of the canary, the canary “journeys,” alerting the system to a possible assault.”
“Just like stack canaries, CFI makes certain code execution is constrained alongside a restricted variety of paths. If an attacker tries to deviate from the allowed set of execution paths, CFI causes the modem to restart reasonably than take the unallowed execution path.
[ad_2]
