Ethical Hacking News

Google Unveils Enhanced Pixel Security Features to Mitigate 2G Exploits and Baseband Attacks


Google has unveiled a series of innovative security features designed to counter the growing threat posed by 2G exploits and baseband attacks in its latest Pixel devices. The company's efforts come as threat actors continue to employ sophisticated methods to exploit vulnerabilities in cellular basebands, which can potentially lead to remote code execution and other forms of malicious activity.

  • The latest Pixel devices come with innovative features to counter growing threats of baseband security attacks.
  • Google has introduced a new security feature in Android 14 to turn off support for 2G cellular networks in managed devices.
  • Clang sanitizers (IntSan and BoundSan) are being used to harden the security of the cellular baseband in Android.
  • Google is combating threats of cell-site simulators like Stingrays to inject SMS messages directly into Android phones, known as SMS Blaster fraud.
  • The new Pixel 9 lineup features stack canaries, control-flow integrity (CFI), and auto-initialization of stack variables to zero to prevent sensitive data leakage or code execution.



  • In a move aimed at bolstering the security of its latest Pixel devices, Google has introduced a series of innovative features designed to counter the growing threat posed by baseband security attacks. The tech giant's efforts come in response to the increasingly sophisticated methods employed by threat actors to exploit vulnerabilities in cellular basebands, which can potentially lead to remote code execution and other forms of malicious activity.

    According to Sherk Chung and Stephan Chen from the Pixel team, together with Roger Piqueras Jover and Ivan Lozano from the Android team, the cellular baseband is a critical component of modern smartphones: it handles connectivity with cell towers or base stations over radio interfaces. That function inherently involves processing external input from untrusted sources, which malicious actors can exploit by injecting fabricated or manipulated network packets.

    One notable example of such an attack is the use of false base stations to execute remote IMS (IP Multimedia Subsystem) attacks, in which attackers use IMS clients to manipulate network packets from anywhere in the world. In a Black Hat USA presentation last August, a team of Google security engineers described the modem as both a "fundamental" and "critical" smartphone component: it has access to sensitive data and is remotely accessible over several radio technologies.

    Threats to baseband security are no longer theoretical. In October 2023, research published by Amnesty International found that the Intellexa alliance behind Predator had developed a tool called Triton that exploits vulnerabilities in the Exynos baseband software used in Samsung devices to deliver mercenary spyware in highly targeted attacks. The attack begins with a covert downgrade: a cell-site simulator forces the targeted device onto the legacy 2G network, after which a 2G base station transceiver (BTS) delivers the malicious payload.

    In response to these findings, Google has introduced a security feature in Android 14 that lets IT administrators turn off support for 2G cellular networks on their managed devices. The company has also highlighted the role of the Clang sanitizers IntSan (integer overflow sanitizer) and BoundSan (bounds sanitizer) in hardening the cellular baseband in Android.

    Google has also described its efforts to counter threat actors who use cell-site simulators such as Stingrays to inject SMS messages directly into Android phones, a technique known as SMS Blaster fraud. Because the messages never traverse the carrier network, they bypass every network-based anti-spam and anti-fraud filter. An SMS Blaster needs to do only one thing to achieve this: downgrade the victim's connection to the legacy 2G protocol.

    To address these threats, Google has added several defenses to the new Pixel 9 lineup: stack canaries, control-flow integrity (CFI), and automatic zero-initialization of stack variables, so that uninitialized stack memory can neither leak sensitive data nor serve as an avenue for gaining code execution.

    Stack canaries work like tripwires that ensure code executes in the expected order. If an attacker exploits a vulnerability in the stack to change the flow of execution without accounting for the canary, the canary "trips", alerting the system to a potential attack. CFI, in turn, constrains code execution to a limited set of allowed paths; if an attacker tries to deviate from that set, CFI causes the modem to restart rather than follow the disallowed path.
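    The four mitigations named above (the IntSan and BoundSan checks, stack canaries, zero-initialized stack variables and CFI) written out by hand so their effect can be observed in one small program. This is an added example, not Google's or the Pixel modem's code: real toolchains insert the canary and CFI checks automatically (Clang's -ftrivial-auto-var-init=zero provides the zero-initialization), whereas here a byte array called `frame` stands in for a stack frame, the canary constant, the handler names, the channel table and the "secret" left behind by a previous callee are all constructed values, and the two sanitizer checks are ordinary C that does what the sanitizers would instrument.

```c
/* Added example (not Pixel firmware): baseband hardening techniques in miniature. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
#define CANARY_VALUE 0xDEADBEEFCAFEF00DULL   /* constructed; real ones are random per process */

/* 1. Stack canary as a tripwire. `frame` simulates a stack frame: a fixed
 * buffer followed by the canary slot that sits between the locals and the
 * saved return address. Prologue plants the canary, the body copies caller
 * bytes with no length check (the classic overflow bug), the epilogue
 * verifies the canary before "returning". Returns 1 if intact, 0 if tripped. */
int frame_copy_checked(const unsigned char *in, size_t n)
{
    unsigned char frame[BUF_SIZE + sizeof(uint64_t)];
    uint64_t canary = CANARY_VALUE, check;

    memset(frame, 0, sizeof frame);
    memcpy(frame + BUF_SIZE, &canary, sizeof canary);   /* prologue */
    if (n > sizeof frame)                                /* keep the simulation inside the array */
        n = sizeof frame;
    memcpy(frame, in, n);                                /* unbounded copy into a 16-byte buffer */
    memcpy(&check, frame + BUF_SIZE, sizeof check);      /* epilogue: did the tripwire survive? */
    return check == CANARY_VALUE;
}

/* Builds n bytes of constructed attacker input ('A's) and reports whether the canary survived. */
int canary_survives(size_t n)
{
    unsigned char input[64];
    if (n > sizeof input) n = sizeof input;
    memset(input, 'A', n);
    return frame_copy_checked(input, n);
}

/* 2. Zero-initialization of stack variables. Stack slots are reused between
 * calls, so a function that only partly fills a local buffer can leak what the
 * previous callee left there. `scratch` stands in for that reused slot. */
static unsigned char scratch[BUF_SIZE];

void previous_callee_leaves_secret(void)   /* constructed "secret" in the slot */
{
    memset(scratch, 0xAB, sizeof scratch);
}

/* Copies msg into the slot; with zero_init the slot is cleared first (what the
 * compiler flag does for real locals). Returns how many stale secret bytes remain. */
size_t stale_bytes_after_copy(const char *msg, int zero_init)
{
    if (zero_init)
        memset(scratch, 0, sizeof scratch);
    size_t len = strlen(msg);
    if (len > BUF_SIZE) len = BUF_SIZE;
    memcpy(scratch, msg, len);
    size_t stale = 0;
    for (size_t i = len; i < BUF_SIZE; i++)
        if (scratch[i] == 0xAB) stale++;
    return stale;
}

/* 3. The checks IntSan and BoundSan instrument: a length computed from two
 * untrusted header fields must not wrap, and an untrusted index into a fixed
 * table must stay inside it. Both return 0 on success, -1 when the check fires. */
int checked_total_len(uint32_t hdr_len, uint32_t body_len, uint32_t *total)
{
    return __builtin_add_overflow(hdr_len, body_len, total) ? -1 : 0;
}

static const uint8_t channel_table[4] = { 10, 20, 30, 40 };   /* constructed table */

int checked_table_read(size_t idx, uint8_t *out)
{
    if (idx >= sizeof channel_table / sizeof channel_table[0]) return -1;
    *out = channel_table[idx];
    return 0;
}

/* 4. Forward-edge CFI: an indirect call may only land on a function that is a
 * legitimate target for this pointer type. A hijacked pointer is refused
 * (a real CFI failure aborts; in the Pixel modem it restarts). */
typedef int (*msg_handler_t)(int);
int handle_ping(int x) { return x + 1; }
int handle_echo(int x) { return x; }
int not_a_handler(int x) { return -x; }   /* stands in for code the pointer must never reach */
static const msg_handler_t allowed_handlers[] = { handle_ping, handle_echo };

int cfi_dispatch(msg_handler_t fp, int arg, int *out)   /* 0 on success, -1 on CFI violation */
{
    for (size_t i = 0; i < sizeof allowed_handlers / sizeof allowed_handlers[0]; i++)
        if (allowed_handlers[i] == fp) { *out = fp(arg); return 0; }
    return -1;
}

int main(void)
{
    uint32_t total; uint8_t ch; int out;
    printf("canary survives 16-byte copy: %d, 20-byte copy: %d\n", canary_survives(16), canary_survives(20));
    previous_callee_leaves_secret();
    printf("stale bytes without zero-init: %zu\n", stale_bytes_after_copy("hi", 0));
    previous_callee_leaves_secret();
    printf("stale bytes with zero-init: %zu\n", stale_bytes_after_copy("hi", 1));
    printf("length sum wraps: %d, index 7 rejected: %d\n",
           checked_total_len(0xFFFFFFF0u, 0x20u, &total), checked_table_read(7, &ch));
    printf("CFI accepts handle_ping: %d, rejects not_a_handler: %d\n",
           cfi_dispatch(handle_ping, 1, &out), cfi_dispatch(not_a_handler, 1, &out));
    return 0;
}
```

    The 20-byte copy overwrites the first bytes of the canary slot, so the epilogue check fails exactly as a compiler-inserted stack protector would; the zero-init case shows that the 14 bytes the message does not fill are the only place the previous callee's data can survive, and clearing them first removes the leak.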

    These enhancements aim to strengthen the security posture of Google's Pixel devices and protect users against the growing threat of baseband attacks. By bolstering its defenses, the company is further demonstrating its commitment to secure products that prioritize user safety in an increasingly complex digital landscape.



    Related Information:

  • https://thehackernews.com/2024/10/android-14-adds-new-security-features.html

  • https://9to5google.com/2023/08/08/android-14-cellular-security/


  • Published: Thu Oct 3 15:25:05 2024 by llama3.2 3B Q4_K_M

    © Ethical Hacking News . All rights reserved.