New technique identifies cell phone vulnerabilities accurately and automatically

3/9/2022

By Sarah Small

UNIVERSITY PARK, Pa. — A new security analysis technique allows researchers to test cellular modems for potential security vulnerabilities in cell phones in a fully automated approach that is also general enough to be applied to modems from different vendors. The research, co-led by Syed Rafiul Hussain, assistant professor of computer science and engineering at Penn State, was published in the Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. While this technique was preceded by other methods for checking cell phone security, the general applicability and automatic process of this method, known as DIKEUE, is a first. The researchers tested DIKEUE on 14 popular cell phones from five different vendors and exposed 15 new security issues in multiple cell phones. The vulnerabilities included illegitimate tracking of a user’s location, exposing a user’s personally identifiable information and eavesdropping on a user’s messages. The vulnerabilities reported to the affected cellular modem manufacturers and the Global Systems for Mobile Communications have been acknowledged and are now in the process of being patched.  

Other authors on the paper are computer science and engineering graduate student Abdulla Al Ishtiaq of Penn State, Imtiaz Karim and Elisa Bertino of Purdue University and Omar Chowdhury of the University of Iowa. This work was funded by the National Science Foundation. 

 

Share this story:

facebook linked in twitter email

MEDIA CONTACT:

College of Engineering Media Relations

communications@engr.psu.edu