
Google Strengthens Pixel Security To Combat Rising Baseband Attacks

The baseband plays a crucial role in ensuring communication with cell towers, but it’s also a target for attackers who can exploit its vulnerabilities

Google has unveiled new security measures designed to protect its latest Pixel devices from the growing threat of baseband attacks. These defenses are aimed at safeguarding the cellular baseband, the processor responsible for handling a device's connectivity with mobile networks, including LTE, 4G, and 5G.

The baseband plays a crucial role in ensuring communication with cell towers, but it’s also a target for attackers who can exploit its vulnerabilities. “This function inherently involves processing external inputs, which may originate from untrusted sources,” noted Sherk Chung, Stephan Chen, Roger Piqueras Jover, and Ivan Lozano, members of Google’s Pixel and Android teams, in a blog post shared with *The Hacker News*. They highlighted how malicious actors could use false base stations to inject manipulated network packets, even remotely, through certain protocols like the IP Multimedia Subsystem (IMS).

These types of attacks are not hypothetical. In 2023, research by Amnesty International revealed how the Intellexa alliance, behind the Predator spyware, exploited vulnerabilities in the Exynos baseband software used in Samsung devices to deliver spyware in highly targeted attacks. The exploit, called Triton, forced devices to connect to a legacy 2G network via a cell-site simulator, enabling attackers to distribute malicious payloads.

Google has been proactive in addressing these risks. A key feature in Android 14 allows IT administrators to disable support for 2G cellular networks on managed devices, preventing attackers from forcing connections to the less secure protocol. Google has also enhanced security by using Clang sanitizers (IntSan and BoundSan) to strengthen the cellular baseband in Android, and is working with partners to alert users if their network connection is unencrypted or if a fake cellular base station is tracking their device.

The company is also tackling the use of cell-site simulators, such as Stingrays, which can inject SMS messages directly into Android devices without passing through the carrier’s network, bypassing anti-spam and fraud filters. Known as SMS Blaster fraud, this method exposes devices to attacks by downgrading their connection to a legacy 2G protocol. Google highlighted the importance of defenses like these in protecting users from increasingly sophisticated attacks.

In its latest Pixel 9 lineup, Google has added several more security features: stack canaries, control-flow integrity (CFI), and auto-initialization of stack variables to zero. Stack canaries, described as “tripwires,” detect unauthorized changes in the flow of code execution, alerting the system to potential attacks. Similarly, CFI restricts code execution to predefined paths, so attackers cannot deviate from them, and forces a modem restart if unauthorized actions are detected.
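As an added illustration (not code from Google or from this article), the C sketch below shows the kind of defect the sanitizers and stack zero-initialization mentioned above are meant to contain: a parser for an untrusted over-the-air message that validates an attacker-controlled length field before using it and zeroes its output buffer. The element layout, all names and the sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical element layout, not a real cellular message format:
 * [type:1][length:2, big-endian][value:length], repeated. */
#define MAX_VALUE 32
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2, PARSE_NOT_FOUND = -3 };

struct element { uint8_t value[MAX_VALUE]; size_t len; };

/* Copy the first element of type `wanted` from an untrusted message into `out`. */
int find_element(const uint8_t *msg, size_t msg_len, uint8_t wanted, struct element *out)
{
    size_t pos = 0;
    memset(out, 0, sizeof *out);     /* no stale stack bytes can leak via `out` */

    while (pos < msg_len) {
        /* Compare against the bytes remaining, so no sum is formed that could wrap. */
        size_t remaining = msg_len - pos;
        if (remaining < 3)
            return PARSE_TRUNCATED;          /* header cut short */
        size_t len = ((size_t)msg[pos + 1] << 8) | msg[pos + 2];
        if (len > remaining - 3)
            return PARSE_TRUNCATED;          /* length field lies about the data */
        if (msg[pos] == wanted) {
            if (len > sizeof out->value)
                return PARSE_TOO_LONG;       /* would write past the fixed array */
            memcpy(out->value, msg + pos + 3, len);
            out->len = len;
            return PARSE_OK;
        }
        pos += 3 + len;                      /* proven <= msg_len by the checks above */
    }
    return PARSE_NOT_FOUND;
}

/* Constructed sample inputs. */
static const uint8_t GOOD[] = { 0x01, 0x00, 0x02, 0xAA, 0xBB, 0x02, 0x00, 0x03, 0x11, 0x22, 0x33 };
static const uint8_t LYING[] = { 0x02, 0xFF, 0xFF, 0x11 };   /* claims 65535 bytes, has 1 */

int main(void)
{
    struct element e;
    int rc = find_element(GOOD, sizeof GOOD, 0x02, &e);
    printf("well-formed message: %d (len %zu)\n", rc, e.len);
    rc = find_element(LYING, sizeof LYING, 0x02, &e);
    printf("oversized length field: %d\n", rc);
    return 0;
}
```

Compiler-inserted checks such as IntSan and BoundSan exist for the cases where a manual check like these is missing from the code.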

These updates reflect Google’s ongoing commitment to protecting its users in the face of evolving cybersecurity threats, especially those targeting the critical baseband component of modern smartphones.
