Researchers from the University of Colorado Boulder and the National Institute of Standards and Technology (NIST) have demonstrated a new method of detecting if smartphones have been tampered with, the entities announced today.
According to the report, the approach would not be limited to 4G or 5G phones because it focuses on the fundamental electromagnetic behavior of the hardware.
The context is that smartphones are extremely important to secure, but it is difficult to do so without damaging them. The method for identifying tampered smartphones that the two organizations developed relies upon creating a remote fingerprint of the electromagnetic properties of signals sent by different model devices. Specialized SIM cards and cellular radio standards-compliant base station emulator equipment are used to do this.
These signals can be compared to what is being generated by the same model phone in commercial use. Smartphones in use that don’t match the profile may have been tampered with.
The two groups tested the process on current-generation commercially available smartphones with 95% accuracy. The results were stable and repeatable over time.
The work of the university and NIST is not over, however. The story says that the stage is set for the National Metrological Institute’s testing framework. The researchers will need to expand their library of trusted sources that account for potential small variations between manufacturing batches, develop standardized test conditions, and develop a more automated process, according to the report.
“This work demonstrates a foundational approach to obtaining a high-definition, reliable, and stable fingerprint of a commercially available smartphone device to verify that it has not been tampered with or compromised prior to deployment,” author Améya Ramadurgaka said in the story.
“I see this being utilized to validate mobile hardware before it is issued to high-security users, such as the military chain of command or senior government leadership.”
