Source |
GoogleSec |
Identifier |
8591387 |
Publication date |
2024-10-03 12:59:54 (viewed: 2024-10-03 17:17:07) |
Title |
Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems |
Text |
Posted by Sherk Chung, Stephan Chen, Pixel team, and Roger Piqueras Jover, Ivan Lozano, Android team
Pixel phones have earned a well-deserved reputation for being security-conscious. In this blog, we'll take a peek under the hood to see how Pixel mitigates common exploits on cellular basebands.
Smartphones have become an integral part of our lives, but few of us think about the complex software that powers them, especially the cellular baseband: the processor on the device responsible for handling all cellular communication (such as LTE/4G and 5G). Most smartphones use cellular baseband processors with tight performance constraints, making security hardening difficult. Security researchers have increasingly targeted this attack surface and have routinely demonstrated the exploitation of basebands used in popular smartphones.
The good news is that Pixel has been deploying security hardening mitigations in our basebands for years, and Pixel 9 represents the most hardened baseband we've shipped yet. Below, we'll dive into why this is so important, how specifically we've improved security, and what this means for our users.
The Cellular Baseband
The cellular baseband within a smartphone is responsible for managing the device's connectivity to cellular networks. This function inherently involves processing external inputs, which may originate from untrusted sources. For instance, malicious actors can employ false base stations to inject fabricated or manipulated network packets. In certain protocols like IMS (IP Multimedia Subsystem), this can be executed remotely from any global location using an IMS client, with no radio proximity required.
The firmware within the cellular baseband, like any software, is susceptible to bugs. In the context of the baseband, these software vulnerabilities are a significant concern because of the heightened exposure of this component within the device's attack surface: it parses attacker-controlled protocol messages before any other part of the device sees them. There is ample evidence that software bugs in modem basebands have been exploited to achieve remote code execution, which highlights the critical risk associated with such vulnerabilities.
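The bug class the two paragraphs above describe, as an added example that is not part of the original post and not Pixel's or any vendor's firmware: a hypothetical length-prefixed "network name" element (the format is an assumption for this example, not a real 3GPP encoding) is parsed first by a routine that trusts the over-the-air length byte, then by a routine that bounds that length against both the bytes actually received and the capacity of the destination buffer. The sample packets are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical over-the-air element (an assumption for this example, not a
 * real 3GPP encoding): one byte element ID, one byte length, then that many
 * bytes of value. The modem copies the value into a fixed-size record. */
#define NAME_MAX 16

struct network_name {
    uint8_t id;
    uint8_t len;
    char    name[NAME_MAX + 1];   /* +1 keeps room for a terminating NUL */
};

/* Vulnerable parser: trusts the attacker-controlled length byte. A length
 * above NAME_MAX writes past `name` (the memory corruption behind baseband
 * RCE); a length above the bytes actually received reads past the packet.
 * Behaviour on hostile input is undefined, so below it is only ever called
 * with a well-formed packet. */
int parse_name_unchecked(const uint8_t *pkt, size_t pkt_len,
                         struct network_name *out)
{
    if (pkt_len < 2)
        return -1;
    out->id  = pkt[0];
    out->len = pkt[1];
    memcpy(out->name, pkt + 2, out->len);   /* no bound on out->len */
    out->name[out->len] = '\0';
    return 0;
}

/* Hardened parser: every attacker-controlled quantity is checked against both
 * the bytes actually present and the capacity of the destination before any
 * copy happens. Returns 0 on success, a negative code on rejection. */
int parse_name_checked(const uint8_t *pkt, size_t pkt_len,
                       struct network_name *out)
{
    if (pkt == NULL || out == NULL || pkt_len < 2)
        return -1;
    uint8_t len = pkt[1];
    if (len > NAME_MAX)
        return -2;                          /* would overflow out->name */
    if ((size_t)len > pkt_len - 2)
        return -3;                          /* would read past the packet */
    memset(out, 0, sizeof *out);            /* name stays NUL-terminated */
    out->id  = pkt[0];
    out->len = len;
    memcpy(out->name, pkt + 2, len);        /* len <= NAME_MAX by the check above */
    return 0;
}

/* Constructed sample packets (made up for this example). */
static const uint8_t PKT_BENIGN[]    = { 0x43, 0x05, 'P', 'i', 'x', 'e', 'l' };
static const uint8_t PKT_OVERSIZED[] = { 0x43, 0xC8, 'A', 'A', 'A', 'A' }; /* claims 200 bytes */
static const uint8_t PKT_TRUNCATED[] = { 0x43, 0x0A, 'A', 'B', 'C' };      /* claims 10, carries 3 */

/* Status helpers so the results can be checked without reading printed output. */
int benign_parses_ok(void)
{
    struct network_name n;
    if (parse_name_checked(PKT_BENIGN, sizeof PKT_BENIGN, &n) != 0)
        return 0;
    return n.id == 0x43 && n.len == 5 && strcmp(n.name, "Pixel") == 0;
}

int oversized_status(void)
{
    struct network_name n;
    return parse_name_checked(PKT_OVERSIZED, sizeof PKT_OVERSIZED, &n);
}

int truncated_status(void)
{
    struct network_name n;
    return parse_name_checked(PKT_TRUNCATED, sizeof PKT_TRUNCATED, &n);
}

int main(void)
{
    struct network_name n;
    parse_name_unchecked(PKT_BENIGN, sizeof PKT_BENIGN, &n); /* safe: well-formed input */
    printf("unchecked parser, benign packet:  id=0x%02x name=%s\n", n.id, n.name);
    printf("checked parser, benign packet:    %d\n", benign_parses_ok());
    printf("checked parser, oversized length: %d\n", oversized_status());
    printf("checked parser, truncated packet: %d\n", truncated_status());
    return 0;
}
```

The two rejection codes matter separately: an oversized length is a write past the destination, the primitive an attacker with a false base station or an IMS client wants, while a length longer than the received bytes is an over-read that leaks adjacent memory. A hardened firmware checks both before the copy, and exploit mitigations such as stack canaries only catch what these checks miss.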
The State of Baseband Security
Baseband security has emerged as a prominent area of research, with demonstrations of software bug exploitation featuring in numerous security conferences. Many of these conferences now also incorporate training sessions dedicated to baseband firmware emulation, analysis, and exploitation techniques.
Recent reports by security researchers have noted that most basebands lack the exploit mitigations that are commonly deployed elsewhere and considered best practice in software development. Mature software hardening techniques that are commonplace in the Android operating system, for example, are often absent from the cellular firmware of many popular smartphones.
There are clear indications that exploit vendors and cyber-espionage firms abuse these vulnerabilities to breach the privacy of individuals without their consent. For example, 0-day exploits in the cellular baseband are being used to deploy the Predator malware in smartphones. Additionally, exploit marketplaces explicitly list ba |
Notes |
★★★
|
Sent |
Yes |
Tags |
Malware
Tool
Vulnerability
Threat
Mobile
|