Cyber security researchers at Ben-Gurion University have developed a new firewall program for Android phones that serves to repair certain security vulnerabilities found in these mobile devices.
The program, developed by Dr. Yossi Oren and his students, adds a missing layer of security in the communication between Android cell phone components and the central processing unit (CPU). The researchers developed the fix after they discovered the security breach earlier this year and alerted Google to help them address the problem, according to the university.
“We are now working on fine-tuning the software monitoring capabilities and on ensuring it does not interfere with the use of the phone,” said Oren, whose lab is housed in the software and information systems engineering department.
The vulnerability pinpointed by Oren and his team is located outside the phone’s standard storage mechanism – in the “field-replaceable units” (FRUs), such as touchscreens, chargers, batteries or sensor assemblies. Field-replaceable units are susceptible to significant security breaches, including password and financial theft, fraud, malicious photo or video distribution and unauthorized app downloads, the researchers explained.
Existing security solutions cannot prevent this type of attack, which can survive phone factory resets, remote wipes and firmware updates, the researchers said. The problem, they continued, is particularly acute in the Android market because the manufacturing chain is fragmented and difficult to control.
“There is no way for the phone itself to discover that it’s under this type of an attack,” said research fellow Omer Schwartz. “Our solution prevents a malicious or misconfigured FRU from compromising the code running on the CPU by checking all the incoming and outgoing communication.”
The team members have developed a type of software capable of identifying and preventing hardware-generated data leaks and hacks. To do so, the researchers said they employed machine learning algorithms to monitor the communications for anomalies that may indicate malicious code.
“Our technology doesn’t require device manufacturers to understand or modify any new code,” Oren said. “It’s an FRU interface proxy firewall that can be implemented as a tiny chip, or as an independent software module running on the CPU.”
The researchers are seeking to further test their patent-pending technology with phone manufacturers, a statement from the group added.