In continuance to Quadrooter challenge – POMM offers a new approach based on a hardware “ data safe “ concept

הורד

Recent publications have warned the fast growing community of advanced generation mobile users, from the growing malware threats affected through a set of four vulnerabilities that are already affecting 900 million Android Smartphone and tablets devices. These newly identified threats use the Qualcomm® chipsets used in most modern mobile devices, acting as a Trojan horse vehicle containing this malware. http://blog.checkpoint.com/2016/08/07/quadrooter

Qualcomm is the world’s leading designer of LTE chipsets with a 65% share of the LTE modem baseband market. If any one of these four vulnerabilities is exploited or triggered, an attacker can initiate privilege escalations for the purpose of gaining root access to a device and its user’s sensitive content. An attacker can exploit these vulnerabilities using a malicious app. Such an app would require no special permissions to take advantage of these vulnerabilities, thus alleviating any suspicion users may have when installing. The newly published vulnerabilities are found in the software drivers that are supplied to phone manufacturers with the Qualcomm essential chipsets; consequently any Android device built using these chipsets is at malware effective attack risks. The drivers, which control communication between the Qualcomm chipset components, become incorporated into Android builds manufacturers develop for their devices.

Once these Trojan malware components are resident within the Smartphone firmware infrastructure, they can be activated in many ways by the hostile entities that have implanted their malware in the Qualcomm supplied drivers. Any data component that is residing in the affected Smartphone can be miss-used or sent out and exploited at the will of the attacker. To overcome these new types of mobile embedded Trojan malware, several approaches can be implements that are based on known abnormal behaviors logics analysis implemented and used in the anti malware protection pure SW based  market leading present solutions. Still if the Malware is well hidden within an “innocent” file package it is very hard to detect it and to be blocked.

A new approach based on a hardware “ data safe “ based concept , Is offered in a new device called POMM that is a smart electronic protection case attached to the Smartphone. The user can always chose to transfer any sensitive data he gets immediately to the isolated storage space of the POMM sleeve, where it is immediately and automatically encrypted using integrated advanced hardware based encryption solutions. . the encryption keys of the :”safe “ data content are created and stored in a separate dedicated chipset that is not a part of the Safe data protected storage space. This new approach solution is providing an innovative safe way to avoid the mal access and effective miss-use of the stored encrypted data, even if the supplied drivers malware has managed to pass through the POMM integrated security gate control that is isolating the POMM safe memory from the Smartphone’s much less protected data memories and internal data busses, that are easily affected by these new malwares.

 


Comments (0)

Leave a comment