News and Reports

Jul. 02, 2017

Members of Dr. Oren’s Implementation Security Lab.
From left: Amir Cohen, Benyamin Farshteindiker, Yossi Oren, Omer Shwartz

 

Cyber security researchers at BGU have developed an innovative firewall program that adds a missing layer of security in the communication between Android cellphone components and the phone’s central processing unit (CPU). 

 

Earlier this year, researchers in BGU’s Department of Software and Information Systems Engineering, led by Dr. Yossi Oren, discovered the security vulnerability and alerted Google to help them address the problem.

 

A paper on the findings (written by Dr. Oren in collaboration with Omer Shwartz, Amir Cohen and Dr. Asaf Shabtai) will be presented at the prestigious Workshop on Offensive Technologies (WOOT) in Vancouver, BC, Canada in mid-August.

 

Nearly 400 million people have changed their touchscreens or other types of Field Replaceable Units (FRUs), such as chargers, battery or sensor assemblies, all of which are susceptible to significant security breaches. These can include password and financial theft, fraud, malicious photo or video distribution, and unauthorized app downloads.

 

Since the attack is located outside the phone’s standard storage, it can survive phone factory resets, remote wipes, and firmware updates. Existing security solutions cannot prevent this specific security issue. FRUs communicate over simple interfaces with no authentication mechanisms or error detection capabilities. This problem is especially acute in the Android market where the manufacturing chain is fragmented and difficult to control.  

 

“There is no way for the phone itself to discover that it’s under this type of an attack,” says team research fellow Omer Shwartz. “Our solution prevents a malicious or misconfigured FRU from compromising the code running on the CPU by checking all the incoming and outgoing communication.”

 

Dr. Oren and his students developed the breakthrough software to identify and prevent hardware-generated data leaks and hacks. Guided by Dr. Asaf Shabtai, the team uses machine learning algorithms, developed by BGU's world-class researchers, to monitor the communication for anomalies that may indicate malicious code. “We are now working on fine-tuning the software monitoring capabilities and on ensuring it does not interfere with the use of the phone,” says Dr. Oren.

 

“Our technology doesn’t require device manufacturers to understand or modify any new code,” adds Dr. Oren. “It’s an FRU interface proxy firewall that can be implemented as a tiny chip, or as an independent software module running on the CPU.” 

 

“The work of Yossi Oren’s team is only the latest invention coming from BGU's Department of Software and Information Systems Engineering,” says Zafrir Levi, Senior VP Business Development at BGN Technologies, the BGU commercialization and technology company. “In the last decade, the Department has spearheaded cyber research, spawning many inventions that have been used worldwide through patents sold to international corporations and by establishing companies.”

 

BGN provides advanced facilities that enable BGU’s cyber researchers to bring their technologies to market. These include targeted incubators and accelerators, as well as partnerships with international corporations such as IBM, Deutsche Telekom, Leidos, Dell-EMC and PayPal. 

 

The BGU researchers are seeking to further test the patent-pending technology with phone manufacturers.