Google is working to improve the cybersecurity of Android smartphones and tablets by strengthening the defenses of the entire ecosystem at the firmware level.
Firmware is the computer software behind the device’s hardware configuration and control. Because of this state, the firmware is usually the first code that runs when the device is turned on, underpinning everything else in the built system.
This location means that firmware plays a key role in the security of your device and its operating system, including configuring hardware security settings.
Also: Five simple steps to keep your smartphone safe from hackers
The main role of the firmware in managing all aspects of the device means that if an attacker can compromise a smartphone or tablet at the firmware levelthey can have constant and almost completely secret access to the device, which could allow them to track everything you do, steal sensitive information, or even shut down your device .
Firmware attacks are uncommon and are often highly targeted — but Google is responding to what it describes as an increase in cybersecurity research to uncover vulnerabilities in the Android firmware.
“As the security of the Android Platform has steadily improved, some security researchers have shifted their focus to other parts of the software stack, including the part of the software stack,” the researchers said. cartilage”. Google Security Blog update.
“Over the past decade, there have been numerous publications, talks, Pwn2Own and CVE contest winners targeting exploits of vulnerabilities in the firmware running in these secondary processors.”
Some of these vulnerabilities have resulted in remote code execution on the device, especially after Wi-Fi abuse and mobile band failures.
Now, Google says it will improve Android security by applying lessons learned from securing other areas of code and strengthening the firmware to protect it — and its users — from threats. potential cyber threat.
Also: Inside the cybersecurity red team that keeps Google safe
This process will involve improvements to the compiler-based sanitizer — a programming tool that detects computer program errors — and other exploit mitigations in the firmware, along with improvements to memory safety features. The memory enhancements will seek to prevent attacks that directly target the firmware’s memory, such as buffer overflow attacks.
There are challenges around implementing this approach, as Google notes.
“Enhancing bare metal firmware to dramatically increase protection — on more surfaces in Android — is one of the priorities of Android Security,” says Google Security. Google Security also wants other Android device makers to follow suit.
“In the future, our goal is to expand the use of these reduction technologies to more bare metal targets, and we strongly encourage our partners to do the same. We are ready to go. willing to assist its ecosystem partners in hardening bare metal firmware.”
