The GrapheneOS team, which develops the privacy- and security-focused Android-based operating system of the same name, is suggesting that Android should introduce an auto-reboot feature to make exploitation of firmware flaws more difficult.
The project revealed that it recently reported firmware vulnerabilities in the Android operating system that impact Google Pixel and Samsung Galaxy phones, which could be exploited to steal data and spy on users when the device is not at rest.
When a device is at rest, privacy protections are very high and the device is not fully functional because encryption keys are not yet available for installed apps to use.
Rebooting the device terminates all temporary states, processes, or activities that could be exploited and requires authentication like PIN, password, or biometric verification to unlock, thereby re-engaging all security mechanisms.
Although GrapheneOS devs have not shared many details about the exploited firmware bugs, they proposed a generic mitigation that would work well in most cases: an auto-reboot feature that is already present in their operating system.
The idea is to minimize the window of opportunity for attackers and disrupt existing compromises by resetting all protection systems on the device more frequently than a user would.
GrapheneOS' auto-reboot system resets the device every 72 hours, but the OS maker comments that this is too long a period and says it plans to reduce it.
GrapheneOS also notes that flight modes on smartphones that people assume reduce the attack surface often still allow data exchange via Wi-Fi, Bluetooth, NFC, and USB Ethernet, so depending on the attack vector, it may not be an effective protection measure.
The developers touch on the topic of PIN/password security and its relation to the device's encryption and security systems, as these authentication methods are used as keys to encrypt device data.
Secure element throttling is vital for securing short PINs and passphrases against stealthy brute forcing that could unlock not just the screen but also the secure enclave on the device's chip.
BleepingComputer has reached out to the GrapheneOS team and Google to learn more about the discovered vulnerabilities, their impact, and observed exploitation cases.
Frequently rebooting your Android or iOS device has been touted as a good idea for fixing problems such as heating, memory, or even call signal but also.
From a security perspective, this action can protect from illegal data recovery or mobile threats that do not have effective persistence mechanisms.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 14 Jan 2024 19:40:08 +0000