Google Updates Android To Stop Dangerous New Phone Hack
A battle over phone security is brewing between tech giants Google and Apple on one side and the forensic software industry on the other. The recent surge in attacks against iPhones and Android devices has led to a critical update from Google's Android team, aimed at stopping these new phone hacks once and for all.
The attacks, known as forensic attacks, are physical in nature. They involve plugging a cable into a phone and connecting it to a computer or appliance running software that compromises the device to exfiltrate its data. This type of attack is different from remote access compromises, which exploit vulnerabilities in apps and operating systems to tunnel into a device over the air.
In an effort to combat these attacks, both Apple and Google have introduced OS updates that restore phones to their "before first unlock" state if left inactive for 72 hours. If investigators leave phones on shelves or in evidence lockers before working on them, the phones will reboot to disable USB access until unlocked, stopping such attacks.
However, law enforcement agencies quickly realized that this update could hinder their work. Investigators now know how to work around it and can act on phones sooner after capture or ensure that no device is allowed to remain dormant long enough to reboot. This has led Google to introduce Advanced Protection Mode in Android 16, which adds stronger defenses to phones.
When enabled, Advanced Protection Mode adds several layers of protection to phones, including disabling sideloading, 2G cellular and insecure WiFi connections. It also blocks USB connections to phones when they are locked, providing an added layer of security against so-called "juice jacking" attacks.
Android Authority uncovered the details behind this new defense in a recent APK teardown. According to the report, enabling Advanced Protection Mode will disable USB data signaling when Android is locked, and new USB devices won't be able to connect to the phone until it's unlocked. When a new USB device is plugged in, a notification will appear warning the user of "suspicious USB activity".
Another company, Samsung, is also enhancing its security measures by letting users choose to block USB connections to prevent any other access through the USB port while the device is locked, except for battery charging. This setting comes as part of a package that blocks risky wireless connections as well as sideloading.
The reality is that these measures are needed given the succession of exploits emanating from the forensic industry. However, enabling Advanced Protection Mode on Android devices may be a step too far for many users, who will need to opt into the cell phone version of Google's Advanced Protection Program.
Some argue that the USB block on locked devices should be a standalone option on Androids and iPhones, and it should be enabled by default. This would provide an added layer of security without requiring users to take extra steps or make significant changes to their device settings.
A New Era in Phone Security
The introduction of Advanced Protection Mode in Android 16 marks a new era in phone security, where tech companies are working together to combat the growing threat of forensic attacks. As the battle between Google and Apple and the forensic software industry continues, one thing is clear: users need stronger defenses against these types of attacks.