Cybersecurity researchers at Ben-Gurion University of the Negev (BGU) have developed an innovative firewall program that adds a missing layer of security in the communication between Android smartphone components and the phone’s central processing unit (CPU), reports the university in Israel’s southern city of Beersheva.
The researchers in BGU’s Department of Software and Information Systems Engineering, led by Yossi Oren, earlier this year announced the security vulnerability and alerted Google to help them address the problem.
The researchers’ findings, written by Oren in collaboration with Omer Shwartz, Amir Cohen and Asaf Shabtai, will be presented at the Workshop on Offensive Technologies (WOOT) in Vancouver, Canada, in mid-August.
More than half a dozen cyber experts from Israel will be taking part in the WOOT conference, including Sofia Belikovetsky, Mordechai Guri, Yosef Solewicz, Andrey Daidakulov and Yuval Elovici, all of Ben-Gurion University of the Negev; as well as Roee Hay of Aleph Research/HCL Technologies.
“The work of Yossi Oren’s team is only the latest invention coming from BGU’s Department of Software and Information Systems Engineering,” says Zafrir Levi, Senior VP Business Development at BGN Technologies, the BGU commercialization and technology company.
“In the last decade, the department has spearheaded cyber research, spawning many inventions that have been used worldwide through patents sold to international corporations and by establishing companies.”
White-hat hackers
Nearly 400 million people have changed their touchscreens or other types of field replaceable units (FRUs), such as chargers, battery or sensor assemblies, all of which are susceptible to significant security breaches. These can include password and financial theft, fraud, malicious photo or video distribution, and unauthorized app downloads.
The BGU researchers explain that since the attack is located outside the phone’s standard storage, it can survive phone factory resets, remote wipes and firmware updates. And crucially, existing security solutions cannot prevent this specific security issue.
FRUs communicate over simple interfaces with no authentication mechanisms or error detection capabilities. This problem is especially acute in the Android market where the manufacturing chain is fragmented and difficult to control, say the researchers.
“There is no way for the phone itself to discover that it’s under this type of an attack,” says team research fellow Shwartz. “Our solution prevents a malicious or misconfigured FRU from compromising the code running on the CPU by checking all the incoming and outgoing communication.”
The BGU team developed the breakthrough software to identify and prevent hardware-generated data leaks and hacks. The team uses machine-learning algorithms, developed by BGU’s researchers, to monitor the communication for anomalies that may indicate malicious code.
“We are now working on fine-tuning the software monitoring capabilities and on ensuring it does not interfere with the use of the phone,” says Oren.
BGU’s Department of Software and Information Systems Engineering is the largest information systems department in Israel. Its research includes advanced areas such as machine learning and data mining, information security and assurance, artificial intelligence and medical informatics.
“Our technology doesn’t require device manufacturers to understand or modify any new code,” Oren says. “It’s an FRU interface proxy firewall that can be implemented as a tiny chip, or as an independent software module running on the CPU.”
Now the BGU researchers are seeking to further test the patent-pending technology with phone manufacturers.