September 24, 2023

Google has announced that Android will be the first mobile operating system to introduce advanced cellular security mitigations. These new security features will be available to both consumers and enterprises. In a blog post, the tech giant has confirmed that Android 14 will introduce support for IT administrators to disable 2G support in their managed device fleet. The company also said that Android 14 will introduce a feature that can disable support for null-ciphered cellular connectivity.

How Google is increasing network security on Android
To keep users safe from network packet injection, tampering, or eavesdropping on user traffic, the Android Security Model assumes that all networks are hostile. The mobile operating system won't rely on link-layer encryption to address this threat model. Rather, Android will ensure that all network traffic is end-to-end encrypted (E2EE).

The link layer presents some security and privacy challenges for users who are connected to cellular networks for their communications. To cause harm to users, False Base Stations (FBS) and Stingrays exploit weaknesses in cellular telephony standards. Moreover, smartphones don't know the legitimacy of the cellular base station before attempting to connect to it. Attackers exploit this in a number of ways, ranging from traffic interception and malware sideloading to dragnet surveillance.

Android 14 will be stricter on cellular telephony and will tackle the risk posed by 2G networks, null ciphers and other false base station (FBS) threats. Google will also improve baseband security with its ecosystem partners.

2G connectivity and its security risks
As 5G adoption increases, 2G connectivity is gradually becoming obsolete. However, all existing mobile devices still support 2G and can connect to a 2G network when available.

Hackers can remotely trigger an attack that silently induces devices to downgrade to 2G-only connectivity. This ensures that the devices ignore any non-2G network. The older 2G networks don't provide the same level of security as subsequent mobile generations. The connectivity protocol also lacks mutual authentication, which enables trivial Person-in-the-Middle attacks.

What's the Stingray infection?
Stingrays are surveillance and interception tools that can be used in multiple scenarios, ranging from potentially sideloading Pegasus malware into phones to a sophisticated phishing scheme that allegedly impacted hundreds of thousands of users with a single FBS. This Stingray-based fraud attack, which likely downgraded devices' connections to 2G to inject SMSishing payloads, has highlighted the risks of 2G connectivity.

To address this risk, Android 12 introduced a new feature that enables users to disable 2G at the modem level. Pixel 6 was the first device to adopt this feature and it is now supported by all Android devices that conform to Radio HAL 1.6+. This feature was designed to ensure that users are not impacted when making emergency calls.

Other security features coming to Android 14
The upcoming Android release will also tackle the risk of cellular null ciphers. All IP-based user traffic is protected and E2EE by the Android platform; however, cellular networks expose circuit-switched voice and SMS traffic.

These two particular traffic types are protected only by the cellular link layer cipher, which is controlled by the network without transparency to the user. This means the network decides whether traffic is encrypted and the user has no visibility into whether it is being encrypted.

Google adds that recent reports identified the usage of null ciphers in commercial networks. This exposed user voice and SMS traffic (such as One-Time Password) to over-the-air interception.

Moreover, some commercial Stingrays can trick devices into believing that ciphering is not supported by the network, thus downgrading the connection to a null cipher and enabling traffic interception.

Android 14 will introduce a user option to disable support, at the modem level, for null-ciphered connections. Similarly to 2G controls, users will still be able to place emergency calls over an unciphered connection.

This functionality will improve communication privacy for devices that adopt the latest radio hardware abstraction layer (HAL). Google claims that this new connectivity security feature will be available in more devices over the next few years as it is adopted by Android OEMs.


Top Comment

Pradip Madgaonkar

24 days ago

Android 14 also introduces a feature that disables support for null-ciphered cellular connectivity. Hardening network security on Android. 2G and a history of inherent security risk. Mitigating 2G security risks for enterprises. Also in Android 14. Continuing to partner to raise the industry bar for cellular security.