Hardening the security at the firmware level, Google is taking new steps to secure functions from secondary processors like media processing, cellular communications, etc.
The company cited a number of examples from the past targeting the vulnerabilities in these secondary processors – letting hackers take over the device remotely, even though the Android OS is secure. Thus, strengthening these other processes around Android is now a focus.
Securing the Surrounding Functions
In a greater effort to improve the overall security of the Android ecosystem, Google is working to harden the firmware for secondary processors, especially concerning cellular communications, media processing and other security modules.
This is the result of a bunch of incidents from the past – with various publications, talks, Pwn2Own contest winners, and CVEs showing how vulnerable the Android ecosystem is. As most of them target vulnerabilities in the firmware of secondary processors, Google wants to upgrade them for good.
In this pursuit, the company is working with it’s partners in the Android ecosystem to improve the security of these secondary processes at the firmware level, like below;
- Compiler-based sanitizers can catch memory safety issues allowing security flaws or crashes during the code compilation stage. Google mentions BoundSan and IntSan
- Exploit mitigations: Control Flow Integrity (CFI), Kernel Control Flow Integrity (kCFI), ShadowCallStack, and Stack Canaries
- Memory safety features aimed to prevent memory errors such as buffer overflows, user-after-free attacks and null pointer dereferences; Google mentions the ‘zero-initialized‘ mechanism that zeros memory values before a program accesses the allocated space so it doesn’t contain random data from previous uses.
Well, Google worries about the negative impact of mitigations applied in the wrong places – especially with the secondary processors designed for performing specific functions. Disturbing them would render the overall device useless sometimes. Thus, mitigations should be carefully applied.
Google’s concerns about these secondary processors are reasonable, as they’re compromising the device’s overall security – even though Google is doing it’s best with the Android OS. The company also plans to expand the use of Rust for firmware code – a memory-safe language for better security and functions.
Other Trending News:- News