HomeTECHNOLOGYGoogle is hardening Android security at the firmware level

Google is hardening Android security at the firmware level


Related stories

Explore 101Desires.com for the Pinnacle of Technical Updates

Unlock the full potential of Google Workspace with 101Desires.com...

TrendzGuruji.me Cyber: Empowering Your Digital Fortress for Unbeatable Cyber Resilience in 2024

TrendzGuruji.me Cyber is a fast-growing platform that's changing the...

Terry Lee Flenory Age, Life, and Other Interesting Facts (2023)

Detroit, Michigan native Terry Lee Flenory is a successful...

The SWGoH Web Store: Your Path to Galactic Domination (Updated 2023)

Star Wars: Galaxy of Heroes, also known as SWGoH,...

Emma Argues with Principal Figgins: A Clash of Wills

Introduction Emma had always been a diligent student, dedicated to...


Why it matters: Android is the world’s most popular mobile operating system, but it’s also the hardest to secure against a variety of cybersecurity threats that keep evolving. Google aims to improve on that front by introducing security features baked in at the firmware level, some of which will come with a performance hit.

Google says it’s working on a new way to boost the security of its Android operating system by reinforcing it at the level closest to the actual hardware it’s running on. The decision aligns with the general trend of securing less visible components of the software stack to add more protection layers against modern cyber threats.

All Android devices today are powered by multi-core processors called application processors, and they are accompanied by additional processors specialized for processing images, video, and security as well as cellular communications. Collectively, they are known as Systems-on-Chip or SoCs and are governed by firmware.

Malicious actors are increasingly targeting this part of the software stack by finding bugs and vulnerabilities which can be exploited over the air. This kind of attack surface is of particular concern to companies like Google that have to coordinate with a large number of OEM partners to distribute security fixes in a timely manner.

Google has a multi-pronged approach to hardening the security of the Android platform. First, it wants to introduce a protection mechanism in the form of compiler-based sanitizers which are able to catch memory safety issues early on in the software development process.

Second, it will work with hardware partners to add memory safety features at the firmware level. These are supposed to prevent any critical memory errors and include a mechanism that zeroes out memory pages before they can be allocated by an app. This ensures that random data left behind by a different app is truly gone.

Last, the company will incorporate a series of mitigations designed to make it harder for hackers to exploit unknown bugs. One side effect of these will be that performance will take a hit as not all parts of an SoC have the same resources. Google admits this will be a challenge moving forward but also emphasizes that optimizations can be done to achieve a good balance between performance and security.

Meanwhile, one of Google’s biggest security issues remains the fragmentation of the Android ecosystem. The company has put a lot of effort into writing almost all new code for Android versions 12 and newer in memory-safe languages like Rust, but adoption by users has been relatively slow. It also doesn’t help that malware creators are easily defeating Android security with stolen Platform certificates.

Masthead credit: Daniel Romero


Source link


- Never miss a story with notifications

- Gain full access to our premium content

- Browse free from up to 5 devices at once

Latest stories