Google has begun working to harden Android’s security at the firmware level, a component of the software stack that interacts directly with the various processors in a system-on-chip (SoC).

The plan is to extend the security of Android devices beyond the operating system, which runs on a multi-core processor, to the other processors in the SoC that handle dedicated tasks such as cellular communication, multimedia processing or communication modules.

This decision was fueled by security research that has recently focused on various components of the software stack, including firmware.

Notable examples include attacks targeting vulnerabilities in secondary processors, such as Wi-Fi or cellular modules, that could be exploited remotely over the air to inject and execute arbitrary code.

Firmware Hardening

Google says that together with its partners in the Android ecosystem, it is working to improve the security of firmware that interacts with Android, exploring several protection mechanisms:

  • Compiler-based sanitizers, added during the code compilation phase, which can detect memory safety issues that lead to security vulnerabilities or crashes. Google mentions BoundSan and IntSan
  • Exploit mitigations: Control Flow Integrity (CFI), Kernel Control Flow Integrity (kCFI), ShadowCallStack and stack canaries
  • Memory safety features intended to prevent memory errors such as buffer overflows, use-after-free attacks, and null pointer dereferences; Google mentions the ‘initialized to zero’ mechanism that resets memory values before a program accesses the allocated space so that it does not contain random data from previous uses

One of the issues with incorporating mitigations is that they can negatively impact device performance, an even more difficult challenge when dealing with secondary processors designed for a specific set of functions, as they do not have the same resources as the main processor powering the Android operating system.

Google says that by optimizing how and where mitigations are activated, it can minimize the impact on Android’s functionality, performance, and system stability.

Google’s effort to tighten firmware security is part of a larger effort to improve Android platform security. In the future, the tech giant plans to expand the use of Rust for firmware code, implementing all functions using a memory-safe language.


