The concern with phone components, like touchscreens, chargers, and battery and sensor assemblies is that many smartphone users replace these parts during the lifetime of their device. Each time they do the device’s original security setting are compromised. This is because these units communicate with the phone CPU across a simple interface that has no authentication mechanisms or error detection capabilities.
These units are referred to as “field-replaceable units” because they can be replaced by users themselves or a retailer. These units (consist of a printed circuit board, part, or assembly that can be quickly and easily removed from a computer or other piece of electronic equipment.
To address this problem cyber security researchers have developed a new type of firewall program that provides the missing layer of security against attack from a malicious code. The firewall has been designed Android devices.
The firewall has been developed by researchers at the Ben-Gurion University of the Negev, by a team led by Dr. Yossi Oren. It was Dr. Oren who discovered the security vulnerability with the internal communications that take place between an Android cellphone’s components and the device’s central processing unit.
The weakness arises should a malicious vendor add a compromised unit to a smartphone. This would leave the device vulnerable to password theft or a similar type of nefarious activity, such as photo or video distribution or unauthorized app downloads. Some types of unit tampering could survive phone factory resets; or other attempts at maintaining security through remote wipes or firmware updates.
The security flaw came about after the researchers used machine learning algorithms to assess the internal communications within Android smartphones for security risks and anomalies, especially those would signal a malicious code.
The solution is likely to please device manufacturers as much as users, as Dr. Oren explains: “Our technology doesn’t require device manufacturers to understand or modify any new code. It’s a firewall that can be implemented as a tiny chip, or as an independent software module running on the CPU.”
Dr. Oren plans to unveil his firewall at the Workshop on Offensive Technologies, which will take place in Vancouver, Canada during August 2017.
