Google Working to Improve Android Hardware Security

As operating system vendors (Apple and Google) improve their security and make hacking their products more difficult, hackers are looking elsewhere for “ways in”.

While users consider their phones a single computer, the reality is that there are whole bunch of computers under the hood. Processors for each radio in the phone such as the cell modem, the Bluetooth radio, etc.

Google says that it is working with its Android partners by using compiler sanitizers, exploit mitigations and memory safety features.

Exploit mitigations include some really high-tech stuff like control flow integrity, kernel control flow integrity, shadow call stack and stack canaries (see the link at the end to learn more about these).

The challenge, of course, is that adding these protections impacts performance and uses more memory. While this might be acceptable in the main processor, it is less likely to be okay for these specialized processors.

Google’s thought is to carefully target where this extra overhead is placed to minimize the impact.

They also want their developers to migrate to Rust for firmware. Rust is a “memory safe” programming language, unlike the languages they use today. This means that many of the coding errors that are not detected when using other programming languages will be detected and stopped by the Rust compiler.

We have already seen attacks on the cellular radio and Bluetooth firmware, so this is not a theoretical problem, it is actually happening.

One assumes that Apple is working on similar hardening technology.

All of this is good for us users. Anything that makes it harder for the bad guys is help for us.

Credit: Bleeping Computer and ZDNet

by