Google has started working to harden the security of Android at the firmware level, a component of the software stack that interacts directly with the various processors of a system on a chip (SoC).
The plan is to expand the security in Android devices beyond the operating system, which runs on a multi-core CPU, to the other processors on the SoC for dedicated tasks like cellular communication, media processing, or security modules.
This decision was fueled by security research lately focusing on various components of the software stack, including the firmware.
“Over the last decade, there have been numerous publications, talks, Pwn2Own contest winners, and CVEs targeting the exploitation of vulnerabilities in firmware running in these secondary processors.” – Google
Among more notable examples are attacks targeting vulnerabilities in the secondary processors such as the Wi-Fi or cellular modules that could be exploited remotely over the air to inject and execute arbitrary code.
Hardening the firmware
Google says that together with its Android ecosystem partners it is working to improve the security of the firmware that interacts with Android, exploring several protection mechanisms:
- Compiler-based sanitizers that can catch memory safety issues allowing security flaws or crashes during the code compilation stage. Google mentions BoundSan and IntSan
- Exploit mitigations: Control Flow Integrity (CFI), Kernel Control Flow Integrity (kCFI), ShadowCallStack, and Stack Canaries
- Memory safety features aimed to prevent memory errors such as buffer overflows, user-after-free attacks, and null pointer dereferences; Google mentions the ‘zero-initialized‘ mechanism that zeros memory values before a program accesses the allocated space so it doesn’t contain random data from previous uses
One issue with incorporating the mitigations is that they may have a negative impact on the performance of the devices, an even more difficult challenge when it comes to secondary processors designed for a specific set of functions, since they don’t come with the same resources as the main processor powering the Android operating system.
Google says that by optimizing how and where the mitigations are activated it can minimize the impact on Android’s functionality, performance, and system stability.
Google’s effort to harden firmware security is part of a greater effort to improve the security of the Android platform. In the future, the tech giant plans to expand the use of Rust for firmware code, implementing all functions using a memory-safe language.