Google Updates Android To Stop Dangerous New Phone Hack
Why this update is critical
There’s a battle now taking place between Google and Apple on one side, and the forensic software industry on the other. Many of the recent attacks against iPhones and Androids that triggered update now warnings have been attributed to the specialist software that compromises a phone to exfiltrate its data.
Forensic attacks are physical — they are not the remote access compromises you will also have seen targeting devices, and which exploit vulnerabilities in apps and operating systems to tunnel into a device over the air. Instead, a cable is plugged into a phone and connected to a computer or appliance running software to attack the device.
This is why Apple and now Google have both introduced OS updates that restore phones to their “before first unlock” state if left inactive for 72-hours. If investigators leave phones on shelves or in evidence lockers before working on them, the phones will reboot to disable USB access until unlocked, stopping such attacks. This caused a flurry of headlines when the impact on law enforcement agencies was exposed last year.
Whisper it quietly, but investigators now know this and can work around it. Acting on phones sooner after capture or ensuring that no device is allowed to remain dormant long enough to reboot. In games of cat and mouse, new traps have a limited shelf life.
This is why Google is upping the ante with Advanced Protection Mode in Android 16. When enabled — and it’s off by default — this adds stronger defenses to phones, such as disabling sideloading, 2G cellular and insecure WiFi connections. It also blocks USB connections to phones when they are locked. Toggle this on, and you can connect to any airport or hotel charge point you want, and not worry about so-called juice jacking.
Android Authority uncovered the detail behind this new defense in a recent APK teardown, “that suggests enabling Advanced Protection Mode will also disable USB data signaling when Android is locked… They also explicitly mention how new USB devices can’t be used when Android is locked. When a new USB device is plugged in, a notification will appear that warns the user of ‘suspicious USB activity’. To use the device, you have to ‘unlock Android first and then reinsert [the]
USB device to use it’.”
Samsung is also enhancing the Maximum Restrictions on its phones by letting users “choose to block USB connections to prevent any other access through the USB port while the device is locked, except for battery charging.” Again, this setting comes as part of a package that blocks risky wireless connections as well as sideloading.
The reality is these measures are needed given the succession of exploits emanating from the forensic industry. But to enable this new protection, Android users will likely need to opt into the cell phone version of its Advanced Protection Program, which will be a step too far for many. The USB block on locked devices should be a standalone option on Androids and iPhones, and it should be enabled by default.