Google Enhances Pixel Device Security Against Baseband Attacks October 3, 2024October 5, 2024 Google has announced the implementation of various security measures in its latest Pixel devices to address the increasing threat of baseband security attacks. The cellular baseband, or modem, is a critical processor responsible for managing connectivity across various networks, including LTE, 4G, and 5G, by interfacing with mobile phone cell towers over radio frequencies. Addressing Baseband Vulnerabilities Sherk Chung and Stephan Chen from the Pixel team, along with Roger Piqueras Jover and Ivan Lozano from the Android team, emphasized the inherent risks associated with the baseband’s functionality. “This function inherently involves processing external inputs, which may originate from untrusted sources,” they noted. Malicious actors can exploit this vulnerability by employing false base stations to inject fabricated or manipulated network packets. In certain protocols, such as the IP Multimedia Subsystem (IMS), malicious actors can execute these attacks remotely from any location worldwide using an IMS client. The firmware that powers the cellular baseband may also be susceptible to bugs and errors, which, if exploited, could compromise device security, particularly in scenarios leading to remote code execution. During a presentation at Black Hat USA last August, Google security engineers described the modem as both a “fundamental” and “critical” component of smartphones, with access to sensitive data and remote accessibility through various radio technologies. New Security Features in Android 14 The threats to baseband security are not merely theoretical. Research published by Amnesty International in October 2023 revealed that the Intellexa alliance, responsible for the Predator spyware, developed a tool named Triton to exploit vulnerabilities in Exynos baseband software used in Samsung devices. This tool enables highly targeted attacks through covert downgrade attacks that force devices to connect to legacy 2G networks via cell-site simulators, subsequently using a 2G base station transceiver (BTS) to deliver malicious payloads. In response to these threats, Google has introduced a new security feature in Android 14 that allows IT administrators to disable support for 2G cellular networks on managed devices. The company has also highlighted the role of Clang sanitizers (IntSan and BoundSan) in enhancing the security of the cellular baseband within Android. Collaboration for Enhanced User Security Earlier this year, Google announced its collaboration with ecosystem partners to develop new methods for alerting Android users when their cellular network connection is unencrypted or when a fraudulent cellular base station or surveillance tool is attempting to track their location using a device identifier. Furthermore, Google has outlined its efforts to combat the use of cell-site simulators, such as Stingrays, which can inject SMS messages directly into Android devices, a practice known as SMS Blaster fraud. “This method to inject messages entirely bypasses the carrier network, thus circumventing sophisticated network-based anti-spam and anti-fraud filters,” Google explained in August. “SMS Blasters expose a fake LTE or 5G network that executes a single function: downgrading the user’s connection to a legacy 2G protocol.” Advanced Defenses in the Pixel 9 Lineup Among the additional defenses incorporated into the new Pixel 9 lineup are stack canaries, control-flow integrity (CFI), and the automatic initialization of stack variables to zero, all aimed at preventing the leakage of sensitive data and thwarting potential code execution exploits. “Stack canaries are like tripwires set up to ensure code executes in the expected order,” Google stated. “If a hacker attempts to exploit a vulnerability in the stack to alter the flow of execution without considering the canary, the canary ‘trips,’ alerting the system to a potential attack.” Similarly, CFI ensures that code execution is constrained to a limited number of paths. If an attacker attempts to deviate from the permitted execution paths, CFI triggers a restart of the modem, preventing unauthorized execution. Through these comprehensive security enhancements, Google aims to fortify its Pixel devices against the evolving landscape of baseband security threats. Check out more articles related to cyber security Cyber Security Android SecurityCyber SecurityGoogle PixelSecurityVulnerabilities