Paranoid Android

Published May 16, 2019 by Xiph

A long time ago in a galaxy far, far away, androids were heroes in the battle for good against the might of an evil empire

Paranoid Android

The dark side of mobile devices is putting your privacy to the sword

A long time ago in a galaxy far, far away, androids were heroes in the battle for good against the might of an evil empire. Historically, two droids stood out for their gallantry, one accompanied an admittedly inept and infantile pilot to a hostile place called Dagobah to meet a little green Yogi. The other, a blithering fool when speaking English possessed the astonishing faculty for being conversant in over seven million languages. These were the glory days of the android and any self-respecting historian can corroborate these facts on Wookiepedia. But we have now entered sinister times, and the once admirable droid may well have turned to the dark side.

Attacks on Android Vulnerability

The Android Smartphone became extremely popular due to rapidly increasing applications related to gaming, education, business, banking and social networks. It might feel like there’s always a new smartphone on the market with next generation features making your current device feel obsolete. But no matter how many iterations mobile devices go through, they’re in many ways still based on decades-old electronics. In fact, antiquated 20th century telephone tech can be used to carry out decidedly 21st century attacks on many mainstream smartphones.

A team of researchers from the University of Florida, in collaboration with Samsung Research America, discovered that Attention (AT) commands, which date back to the 1980s, can be used to compromise Android devices. These modem and phone line controls originally told phones to dial or hang up a call and so on. Over time, the use of AT commands expanded into modern protocols like SMS texting, 3G, and LTE and even came to include custom commands for activities like launching a camera or controlling a touchscreen on a smartphone. For the full feature click here

Rampage and Guardion – primer on vulnerability

Rampage exploits a critical vulnerability in modern phones that allows apps to gain unauthorised access to the device. While apps are not typically permitted to read data from other apps, a malicious program can craft a Rampage exploit to gain administrative control and access online personal data – your online personal data. Rampage breaks the most fundamental isolation between user applications and the operating system. This attack allows an app to take full administrative control over the device, which clearly has catastrophic consequences for the unfortunate victim of hi tech hacking.

Guardion is an award-winning prototype defence mechanism that prevents Rampage attacks. It prevents an attacker from modifying critical data structures by carefully enforcing a novel isolation policy. Alfonso Munoz of BBVA Next Technologies is concerned about vulnerabilities leading into the future.

“I am absolutely sure that in the next few years new vulnerabilities will surface using this attack vector”, he stated. This is just a snippet, for further details click here

Creating the Decentralised Connectivity Layer

Blockchain technology utilises decentralised computing to create different kinds of networks. However, it is extremely important to be cognisant of the various networks operating in today’s unprecedented digitalised world. To fully understand how decentralised networks function, it is first imperative to become familiar with blockchain technology. This hi-tech scientific know how is the underlying applied-science behind Bitcoin but can also be applied to a multitude of ulterior purposes such as voting!

Essentially, it’s a fully transparent and continuously updated record of the exchange of information through a network of personal computers which saliently, no single entity, corporate behemoth or intelligence agency has ownership over. This decentralisation makes it extremely difficult for anyone to single-handedly hack or corrupt the system, creating a far more trustworthy guarantee and validity in certitude that the exchange of information will be communicated solely between the intended sender and recipient.

“What makes a network decentralised is its ability to fully validate and authenticate transactions without a central decision-making authority. This is achieved by utilising consensus algorithms such as Proof of Work, Byzantine Fault Tolerance, Proof of Stake, and Delegated Proof of Stake”, according to the contributors from the website Coinbundle. Click here for the full text.

Android Phones Telling Google Where You Were Years Ago

If you were in possession of an Android phone as far back as five years ago it was more than feasible, or certainly within the realm of possibility, that it was informing law enforcement agencies of your whereabouts. This is according to a New York Times report highlighted by the Electronic Frontier Foundation (EFF). It’s a little-known technique used by law enforcement to figure out everyone who might have been within certain geographic areas during specific time periods in the past. It employs the use of detailed location data collected by Google from most Android devices as well as iPhones and iPads that have Google Maps installed.

“This data resides in a Google maintained database called ‘Sensorvault’ and because Google stores this data indefinitely, Sensourvault includes detailed location records involving at least hundreds of millions of devices worldwide and dating back nearly a decade”, the EFF said. Click here for the full story.

So, what does this mean for you? Me? All of us? Simply that if you want to maintain and enjoy the freedom that comes with online security and the accompanying power of choice over who has and uses your data, you’ll need to take that first definitive step yourself. Liberties are being taken and to maintain yours, you may want to call in the experts. Over to you.

Posted in: Security

Get In Touch