New Firewall Claimed to Better Protect Android Devices From Threats

[Batu69]

Scientists have developed an innovative firewall programme that can protect smartphones from malicious codes and security threats.

Earlier this year, researchers from the Ben-Gurion University of the Negev (BGU) in Israel discovered a security vulnerability in the internal communications between Android cellphone components and a phone's central processing unit (CPU).

 

They alerted Android developer Google and helped the company address the problem.

"Our technology doesn't require device manufacturers to understand or modify any new code," said Yossi Oren from BGU. "It's a firewall that can be implemented as a tiny chip, or as an independent software module running on the CPU," said Oren.

 

Some 400 million people change their phone's components, such as touchscreens, chargers, and battery or sensor assemblies, which are all susceptible to significant security breaches and attacks.

 

These components, referred to as "field replaceable units (FRUs)," communicate with the phone CPU over simple interfaces with no authentication mechanisms or error detection capabilities.

 

A malicious vendor could add a compromised FRU to a phone, leaving it vulnerable to password and financial theft, fraud, malicious photo or video distribution, and unauthorised app downloads.

 

"This problem is especially acute in the Android market with many manufacturers that operate independently," researchers said.

"An attack of this type occurs outside the phone's storage area; it can survive phone factory resets, remote wipes and firmware updates. Existing security solutions cannot prevent this specific security issue," they said.

 

"There is no way for the phone itself to discover that it's under this type of an attack. Our solution prevents a malicious or misconfigured FRU from compromising the code running on the CPU by checking all the incoming and outgoing communication," said Omer Schwartz from BGU.

 

The research team uses machine learning algorithms to monitor the phones' internal communications for anomalies that may indicate malicious code.

The software allowed them to identify and prevent hardware-generated data leaks and hacks. The researchers are seeking to further test the patent-pending technology with phone manufacturers.

 

Article source

[PafoH]

Hope Nsaners will get a copy of that software before others

[LeetPirate]

1 hour ago, Batu69 said:

"Our technology doesn't require device manufacturers to understand or modify any new code," said Yossi Oren from BGU. "It's a firewall that can be implemented as a tiny chip, or as an independent software module running on the CPU," said Oren.

Sounds like high tech spyware magix and tracking sorcery.

I feel like phones would not even need this type of tech if the manufacturers would support OTA updates for at least 5 years but instead we get bloatware and spyware forced on us by the OEMs and Carriers. The updates don't even need to be feature updates but rather security updates just for the sake of patching vulnerabilities.

[DKT27]

On 1/7/2017 at 10:19 PM, LeetPirate said:

Sounds like high tech spyware magix and tracking sorcery.

I feel like phones would not even need this type of tech if the manufacturers would support OTA updates for at least 5 years but instead we get bloatware and spyware forced on us by the OEMs and Carriers. The updates don't even need to be feature updates but rather security updates just for the sake of patching vulnerabilities.

 

Security updates, in my view, should be mandatory for Android versions for atleast a few years. But who is make the rules, Google itself acts all idiotic and limits the Android updates to 2 years and security updates for 3 years on it's own phones I think.

[Holmes]

Each android phone has a lifecycle just like each version of windows I think my samsung galaxy SFive lifecycle is close to being done.  I have received many security updates and Im running Marshmellow I want the new android nougat update I dont think my Samsung Galaxy SFive is going to get it.

[steven36]

On undefined at 2:02 PM, DKT27 said:

Google itself acts all idiotic and limits the Android updates to 2 years and security updates for 3 years on it's own phones I think.

That's what they call job security making sure you need to buy a new phone every 2 or 3 years   they dont want too end up like windows ...

 

 

5 hours ago, Holmes said:

Each android phone has a lifecycle just like each version of windows

Bad comparison  while windows have a deadline  about any PC that came with vista and higher can work with windows 10 ..   you just  upgrade or change windows same device  ..I have a SYX  tower that came with  Vista free upgrade too windows 7 in the mail that I upgraded to Windows 10 for free and rolled it back to Windows 7. Smart phones are selling hand over foot for years now while PCs have not sold good since they released Windows 8 because of 10 years of windows 7 support and a year of free upgrades too Windows 10.

 

 

Also every Linux desktop OS is a free upgrade same hardware when it run out of updates you just upgrade you're OS. They are many who runs Linux Mint 18 on old XP boxes that came with  a Pentium 4.  But in places like the USA were most lease there smart phones from there carrier none of this matters they just get a new phone every so often but then again phones are not cheap like in other places of the world so Apple is giving Android  a run for it's money.

 

Virgin Mobile USA has stopped selling Android phones entirely

 

Quote

Virgin Mobile has been a popular pre-paid wireless carrier in the United States for a while now, using Sprint's network as a backend. As with most carriers in the US, both iPhones and Android devices were available to customers. However, Virgin has now partnered with Apple and will only offer iPhones moving forward.

http://www.androidpolice.com/2017/06/21/virgin-mobile-usa-stopped-selling-android-phones-entirely/

Most carriers  in the USA offer plains for technophiles  who think they need the latest bells and  whistles  and  it's really a rip off  but were they  just pay by the month they go for it . They never get there phone paid for they just trade it in for a new one.

http://www.bankrate.com/finance/smart-spending/are-smartphone-upgrade-plans-worth-cost.aspx