Cyber security researchers at Ben-Gurion University of the Negev (BGU) developed an innovative firewall program that adds a missing layer of security in Android cellphones and monitors for malicious code.
Earlier this year, Dr. Yossi Oren and his team of researchers in the BGU Department of Software and Information Systems Engineering (ISE), discovered a security vulnerability in the internal communications between Android cellphone components and a phone's central processing unit (CPU). They alerted Android developer Google and helped the global company address the problem.
Cellphone parts harboring malicious code can be surreptitiously placed in various replaceable phone components, compromising user data and security. Ben-Gurion University of the Negev researchers areThe researchers are seeking to further test the patent-pending technology with phone manufacturers.
Credit: Ben-Gurion U.
"Our technology doesn't require device manufacturers to understand or modify any new code," says Dr. Oren. "It's a firewall that can be implemented as a tiny chip, or as an independent software module running on the CPU."
Some 400 million people change their phone's components, such as touchscreens, chargers, and battery or sensor assemblies, which are all susceptible to significant security breaches and attacks. These components, referred to as "field replaceable units (FRUs)," communicate with the phone CPU over simple interfaces with no authentication mechanisms or error detection capabilities.
A malicious vendor could add a compromised FRU to a phone, leaving it vulnerable to password and financial theft, fraud, malicious photo or video distribution, and unauthorized app downloads.
"This problem is especially acute in the Android market with many manufacturers that operate independently," the researchers say. "An attack of this type occurs outside the phone's storage area; it can survive phone factory resets, remote wipes and firmware updates. Existing security solutions cannot prevent this specific security issue."
Researcher Omer Schwartz adds, "There is no way for the phone itself to discover that it's under this type of an attack. Our solution prevents a malicious or misconfigured FRU from compromising the code running on the CPU by checking all the incoming and outgoing communication."
The research team used machine learning algorithms to monitor the phones' internal communications for anomalies that may indicate malicious code. Their software allowed them to identify and prevent hardware-generated data leaks and hacks.
A paper on the discovery and the new software will be presented at the prestigious Workshop on Offensive Technologies in Vancouver, Canada this August. Dr. Oren and Dr. Asaf Shabtai collaborated on the paper along with research students Omer Shwartz and Amir Cohen.
"The work of Dr. Oren's team is the latest invention from ISE at BGU," says Zafrir Levi, senior vice president of business development at BGN Technologies, the University's commercialization and technology transfer company. "In the last decade, ISE has spawned many inventions that have been used worldwide through patents sold to international corporations and by start-up companies."
The researchers are seeking to further test the patent-pending technology with phone manufacturers.
About American Associates, Ben-Gurion University of the Negev
American Associates, Ben-Gurion University of the Negev (AABGU) plays a vital role in sustaining David Ben-Gurion's vision: creating a world-class institution of education and research in the Israeli desert, nurturing the Negev community and sharing the University's expertise locally and around the globe. As Ben-Gurion University of the Negev (BGU) looks ahead to turning 50 in 2020, AABGU imagines a future that goes beyond the walls of academia. It is a future where BGU invents a new world and inspires a vision for a stronger Israel and its next generation of leaders. Together with supporters, AABGU will help the University foster excellence in teaching, research and outreach to the communities of the Negev for the next 50 years and beyond. Visit vision.aabgu.org to learn more.
AABGU, headquartered in Manhattan, has nine regional offices throughout the United States. For more information, visit http://www.
Andrew Lavin | EurekAlert!
NASA CubeSat to test miniaturized weather satellite technology
10.11.2017 | NASA/Goddard Space Flight Center
New approach uses light instead of robots to assemble electronic components
08.11.2017 | The Optical Society
The formation of stars in distant galaxies is still largely unexplored. For the first time, astron-omers at the University of Geneva have now been able to closely observe a star system six billion light-years away. In doing so, they are confirming earlier simulations made by the University of Zurich. One special effect is made possible by the multiple reflections of images that run through the cosmos like a snake.
Today, astronomers have a pretty accurate idea of how stars were formed in the recent cosmic past. But do these laws also apply to older galaxies? For around a...
Just because someone is smart and well-motivated doesn't mean he or she can learn the visual skills needed to excel at tasks like matching fingerprints, interpreting medical X-rays, keeping track of aircraft on radar displays or forensic face matching.
That is the implication of a new study which shows for the first time that there is a broad range of differences in people's visual ability and that these...
Computer Tomography (CT) is a standard procedure in hospitals, but so far, the technology has not been suitable for imaging extremely small objects. In PNAS, a team from the Technical University of Munich (TUM) describes a Nano-CT device that creates three-dimensional x-ray images at resolutions up to 100 nanometers. The first test application: Together with colleagues from the University of Kassel and Helmholtz-Zentrum Geesthacht the researchers analyzed the locomotory system of a velvet worm.
During a CT analysis, the object under investigation is x-rayed and a detector measures the respective amount of radiation absorbed from various angles....
The quantum world is fragile; error correction codes are needed to protect the information stored in a quantum object from the deteriorating effects of noise. Quantum physicists in Innsbruck have developed a protocol to pass quantum information between differently encoded building blocks of a future quantum computer, such as processors and memories. Scientists may use this protocol in the future to build a data bus for quantum computers. The researchers have published their work in the journal Nature Communications.
Future quantum computers will be able to solve problems where conventional computers fail today. We are still far away from any large-scale implementation,...
Pillared graphene would transfer heat better if the theoretical material had a few asymmetric junctions that caused wrinkles, according to Rice University...
15.11.2017 | Event News
15.11.2017 | Event News
30.10.2017 | Event News
17.11.2017 | Physics and Astronomy
17.11.2017 | Health and Medicine
17.11.2017 | Studies and Analyses