Cellphone hackers could be stopped dead in their tracks by an innovative firewall developed by cybersecurity researchers at Ben-Gurion University of the Negev (BGU). The new firewall adds a missing layer of critical security for Android phones and also monitors for malicious coding.
The program was developed after a security vulnerability in the internal communications between Android components and a phone’s central processing unit (CPU) was discovered by BGU’s Dr. Yossi Oren and his team of researchers in the BGU Department of Software and Information Systems Engineering (SISE). They immediately contacted senior Android developers at Google headquarters in Mountain View, California, to help the global communications company address the problem.
“Our technology doesn’t require phone device manufacturers to modify any new code,” says Dr. Oren. “It’s a firewall that can be implemented within a tiny chip, or as an independent software module running on the CPU.”
The new software was designed to combat the vulnerability that arises when consumers replace and/or upgrade their cellphone components. Some 400 million cellphone consumers regularly change their phone’s components, such as touchscreens, chargers, and battery or sensor assemblies, which are all susceptible to significant security breaches and attacks.
“This problem is especially acute in the Android market, which has many manufacturers operating independently,” the researchers claim. “An attack of this type occurs outside the phone’s storage area. It can survive phone factory resets, remote wipes and firmware updates. Existing security solutions cannot prevent this specific issue.”
Omer Shwartz, a member of Oren’s research team, adds, “There is no way for the phone system to detect that it’s under this type of an attack. Our solution monitors all the incoming and outgoing communications to prevent a malicious or misconfigured FRU [field replacement unit aka printed circuit board] from compromising the code running on the CPU.”
The researchers used machine learning algorithms to monitor the phones’ internal communications for anomalies that could indicate malicious code. Their software allowed them to identify and prevent hardware-generated data leaks and hacks.
“During the last decade, BGU’s SISE unit has spawned many inventions that have been used worldwide through patents sold to international corporations and by startup companies. The work of Dr. Oren’s team is the latest invention,” says Zafrir Levi, senior vice president of business development at BGN Technologies, the university’s commercialization and technology transfer company.
The researchers are currently conducting more tests on the patent-pending technology with phone manufacturers.
Together with supporters, AABGU is helping Ben-Gurion University of the Negev foster excellence in teaching, research and outreach to the communities of the Negev, sharing cutting-edge innovation from the desert for the world. Visit aabgu.org to learn more.