Google Introduces New Pixel Security Enhancements to Prevent 2G Exploits and Baseband Attacks
Google has detailed the protective measures built into its latest Pixel devices to counter the growing risk of baseband security attacks.
The cellular baseband (that is, the modem) is a processor on the device responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile cell tower or base station over a radio interface.
“This function inherently entails processing external inputs, which may arise from untrusted origins,” Sherk Chung and Stephan Chen from the Pixel team, and Roger Piqueras Jover and Ivan Lozano from the company’s Android team wrote in a blog post shared with The Hacker News.
“For example, malicious actors can utilize false base stations to insert altered or falsified network packets. In specific protocols like IMS (IP Multimedia Subsystem), this can be carried out remotely from any global location employing an IMS client.”
Furthermore, the software running the cellular baseband may itself contain vulnerabilities and bugs that, if successfully exploited, could compromise the security of the device, especially where they lead to remote code execution.
In a Black Hat USA presentation last August, a team of Google security engineers described the modem as both an “essential” and “crucial” smartphone component, one with access to sensitive data and one that is remotely reachable over several radio technologies.
The threats to the baseband are not hypothetical. In October 2023, research published by Amnesty International revealed that the Intellexa consortium behind Predator had developed a tool called Triton to exploit vulnerabilities in the Exynos baseband software used in Samsung devices, delivering the spyware as part of highly targeted attacks.
The attack involves a covert downgrade that forces the targeted device to connect to the legacy 2G network through a cell-site simulator, after which a 2G base transceiver station (BTS) is used to deliver the malicious payload.
Google has since added a security feature in Android 14 that allows IT administrators to disable support for 2G cellular networks on their managed devices. It has also highlighted the role played by Clang sanitizers (IntSan and BoundSan) in hardening the cellular baseband in Android.
Then, earlier this year, the tech giant revealed that it is working with ecosystem partners to introduce new ways of alerting Android users when their cellular network connection is unencrypted and when a fake cellular base station or surveillance tool is tracking their location through a device identifier.
The company has also outlined the steps it is taking to counter malicious actors’ use of cell-site simulators such as Stingrays to inject SMS messages directly into Android phones, a technique known as SMS Blaster fraud.
“This technique to insert messages entirely evades the carrier network, hence evading all the advanced network-based anti-spam and anti-fraud filters,” Google pointed out in August. “SMS Blasters establish a bogus LTE or 5G network which executes a single function: downgrading the user’s connection to an obsolete 2G protocol.”
Other defenses the company has included in its new Pixel 9 series include stack canaries, control-flow integrity (CFI), and automatic initialization of stack variables to zero, which prevents uninitialized stack memory from leaking sensitive data or serving as a path to code execution.
“Stack canaries are akin to tripwires arranged to ensure code executes in the anticipated sequence,” it said. “If a hacker endeavors to exploit a vulnerability in the stack to alter the flow of execution without heeding the canary, the canary ‘trips,’ notifying the system of a potential attack.”
“Analogous to stack canaries, CFI guarantees code execution adheres to a limited number of paths. If an attacker attempts to diverge from the authorized compilation of execution paths, CFI prompts the modem to reboot instead of taking the unauthorized execution route.”
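As an added illustration (not code from the page, from Google, or from any baseband firmware), the C program below simulates the canary and zero-initialization mechanisms just described: a handler's stack frame is modelled as a fixed payload buffer followed by a guard word, an over-long message spills into the guard, and the epilogue check catches the corruption before control would return. The struct layout, the canary value, and the message contents are constructed for the example; a real compiler (`-fstack-protector`) places the guard between local buffers and the saved return address and draws its value from a random source at startup.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a message handler's stack frame: a fixed buffer
 * followed by the canary word, mirroring where a compiler puts the guard
 * between local buffers and the saved return address. */
typedef struct {
    uint8_t  payload[16];
    uint64_t canary;
} frame_t;

/* Hypothetical per-boot secret; real firmware draws it from a CSPRNG. */
static const uint64_t g_canary_secret = 0x5A3C9E1F7B2D4680ULL;

/* Copy an untrusted message into the frame, then verify the canary before
 * "returning". Returns 1 if the frame is intact, 0 if the canary tripped. */
int handle_message(const uint8_t *msg, size_t len) {
    frame_t frame;
    /* Zero every stack byte first: even if the handler later exposes part
     * of the frame, no stale data from an earlier call can leak. */
    memset(&frame, 0, sizeof frame);
    frame.canary = g_canary_secret;

    /* The bug: the copy is bounded by the whole frame instead of the 16-byte
     * payload, so longer messages overwrite the canary. (Capping at the frame
     * keeps the simulation inside the struct object; a real overflow would
     * continue into the return address.) */
    size_t n = len < sizeof frame ? len : sizeof frame;
    memcpy((uint8_t *)&frame, msg, n);

    /* Epilogue check, inserted by the compiler in real code. */
    if (frame.canary != g_canary_secret) {
        /* Baseband firmware reboots the modem here rather than continuing
         * with a corrupted frame. */
        return 0;
    }
    return 1;
}

/* Feed a constructed message of the given length filled with 0x41 bytes. */
int simulate(size_t len) {
    uint8_t msg[sizeof(frame_t) + 8];
    memset(msg, 0x41, sizeof msg);
    return handle_message(msg, len);
}

int main(void) {
    printf("16-byte message: %s\n", simulate(16) ? "intact" : "canary tripped");
    printf("20-byte message: %s\n", simulate(20) ? "intact" : "canary tripped");
    return 0;
}
```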