With a database of smartphone signal fingerprints, researchers developed a way to confirm a phone is “trusted” and has not been altered
With increasing cyberattacks and government data breaches, one of the most important devices to keep secure is the one in everyone’s pocket: smartphones. The problem is that it is difficult to check that a smartphone has not been tampered with without the risk of unintentionally damaging the device itself.
In AIP Advances, researchers from the University of Colorado Boulder and the National Institute of Standards and Technology developed a way to remotely fingerprint and identify a cellular device. Their method can help ensure a phone has not been altered during its manufacturing process, reducing the risk of espionage.
When smartphones communicate with a cell tower, they emit a set of electromagnetic waves. Using specialized SIM cards and cellular radio standards-compliant base station emulator equipment, the researchers commanded a set of “trusted” cell phones — devices they know have not been modified — to transmit the exact same sets of signals, allowing them to create a database of what these signals really look like for different phone models, which serve as fingerprints of the model.
“Think of it like giving every phone the exact same song to sing. Even though they are singing the same notes, every phone model has tiny, microscopic differences in its internal hardware,” said author Améya Ramadurgakar. “Our system is sensitive enough to hear those subtle ‘vocal’ differences.”
By comparing the signals emitted by an unknown device to the database, the researchers can figure out if the device has been altered — that is, if its signals do not match up with any of the trusted fingerprints.
They tested this process on multiple commercially available, current-generation smartphones from all major manufacturers currently leading the domestic market to over 95% accuracy. These results were both repeatable and stable over time. Because their method focuses on the fundamental electromagnetic behavior of the hardware, it is not limited to current 4G and 5G mobile networks and will be extendable to future generations of cellular technologies.
Ramadurgakar said this method lays the groundwork for the National Metrological Institute’s testing framework. To formalize this solution, the researchers need to expand their library of trusted sources that accounts for potential small variations between manufacturing batches, develop standardized test conditions, and develop a more automated process.
“This work demonstrates a foundational approach to obtaining a high-definition, reliable, and stable fingerprint of a commercially available smartphone device to verify that it has not been tampered with or compromised prior to deployment,” said Ramadurgakar. “I see this being utilized to validate mobile hardware before it is issued to high-security users, such as the military chain of command or senior government leadership.”
