BEER-SHEVA, Israel, June 28, 2017– Cyber security researchers at Ben-Gurion University of the Negev (BGU) have developed an innovative firewall program that adds a missing layer of security in communication between Android cellphone components and its central processing unit (CPU).
Earlier this year, researchers in the BGU Department of Software and Information Systems Engineering (ISE), led by Senior Lecturer Dr. Yossi Oren, discovered the security vulnerability and alerted Google to help them address the problem.
A paper on the findings (written by Dr. Oren in collaboration with Omer Shwartz, Amir Cohen and Dr. Asaf Shabtai) will soon be presented at the prestigious Workshop on Offensive Technologies (WOOT) in Vancouver, BC, Canada.
Nearly 400 million people have changed their touchscreens or other type of Field Replaceable Units (FRU), such as chargers, battery or sensor assemblies which are all susceptible to significant security breaches. These can include password and financial theft, fraud, malicious photo or video distribution, and unauthorized app downloads.
Since the attack is located outside the phone's standard storage, it can survive phone factory resets, remote wipes, and firmware updates. Existing security solutions cannot prevent this specific security issue. FRUs communicate over simple interfaces with no authentication mechanisms or error detection capabilities. This problem is especially acute in the Android market where manufacturing chain is fragmented and difficult to control.
"There is no way for the phone itself to discover that it's under this type of an attack," says team research fellow Omer Schwartz. “Our solution prevents a malicious or misconfigured FRU from compromising the code running on the CPU by checking all the incoming and outgoing communication."
Dr. Oren and his students developed the breakthrough software to identify and prevent hardware-generated data leaks and hacks. The team uses machine learning algorithms, developed by BGU's world class researchers, to monitor the communication for anomalies that may indicate malicious code. “We are now working on fine tuning the software monitoring capabilities and on ensuring it does not interfere with the use of the phone," says Dr. Oren.
“Our technology doesn't require device manufacturers to understand or modify any new code," adds Dr. Oren. “It's an FRU interface proxy firewall that can be implemented as a tiny chip, or as an independent software module running on the CPU."
“The work of Yossi Oren's team is only the latest invention coming from the BGU's ISE department," says Zfrir Levi, Senior VP Business Development at BGN Technologies, the BGU commercialization and technology transfer company. “In the last decade, the ISE Department has spearheaded cyber research, spawning many inventions that have been used worldwide through patents sold to international corporations and by establishing companies."
BGN provides advanced facilities that enable BGU cyber researchers to bring their technologies to market. These include targeted incubators and accelerators, as well as partnerships with international corporations such as IBM, Deutch Telekom, Laidos, EMD and PayPal.
The BGU researchers are seeking to further test the patent-pending technology with phone manufacturers.
About BGN Technologies
BGN Technologies is the commercialization and technology transfer company of Ben-Gurion University. BGN Technologies is responsible for the commercialization of knowledge and inventions of the University's researchers and students. Through creative partnering with industry and investors, providing business development services, and developing advanced tools (such startup incubators, accelerators, innovation hubs and a fast-growing high-tech park adjacent to the University's campus), BGN brings value to Ben-Gurion University, to its researchers and to the marketplace.
Ehud Zion-Waldoks,Liaison to the Foreign Press, Ben-Gurion University of the Negev, firstname.lastname@example.org, Tel. +972-54-677-5564
The Department of Software and Information Systems Engineering (ISE) at Ben-Gurion University (BGU) of the Negev is the largest information systems school in Israel and is a major part of Ben Gurion University's emphasis on driving world-class research in cyber space security. Research at ISE includes advanced areas of information technologies such as machine learning and data mining, information security and assurance, artificial intelligence, and medical informatics. ISE researchers and students have contributed many inventions that have been used for the benefit of millions of people worldwide.