Earlier this year, researchers from the Ben-Gurion University of the Negev (BGU) in Israel discovered a security vulnerability in the internal communications between Android cellphone components and a phone's central processing unit (CPU).
They alerted Android developer Google and helped the company address the problem.
"Our technology doesn't require device manufacturers to understand or modify any new code," said Yossi Oren from BGU.
"It's a firewall that can be implemented as a tiny chip, or as an independent software module running on the CPU," said Oren.
Also Read
These components, referred to as "field replaceable units (FRUs)," communicate with the phone CPU over simple interfaces with no authentication mechanisms or error detection capabilities.
A malicious vendor could add a compromised FRU to a phone, leaving it vulnerable to password and financial theft, fraud, malicious photo or video distribution, and unauthorized app downloads.
"This problem is especially acute in the Android market with many manufacturers that operate independently," researchers said.
"An attack of this type occurs outside the phone's storage area; it can survive phone factory resets, remote wipes and firmware updates. Existing security solutions cannot prevent this specific security issue," they said.
The research team uses machine learning algorithms to monitor the phones' internal communications for anomalies that may indicate malicious code.
The software allowed them to identify and prevent hardware-generated data leaks and hacks. The researchers are seeking to further test the patent-pending technology with phone manufacturers.
Disclaimer: No Business Standard Journalist was involved in creation of this content