Google has begun work on making Android more secure at the firmware level, targeting processors on systems-on-a-chip (SoCs) that target dedicated tasks such as mobile phone functionality, media playback and encoding, and Wi-Fi connectivity.
Per BleepingComputer, the tech giant is starting to take notice of the fact that, “over the last decade”, firmware vulnerabilities on secondary processors have been become high-priority targets for security researchers and academic papers in the field of computer science.
Wi-Fi and Cellular module exploits are especially of concern, given that they allow for remote code execution (RCE)
We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.
D. Athow, Managing Editor
Android firmware security
Google is planning to explore a variety of protection mechanisms with its “Android ecosystem” partners. These include compiler-based sanitizers, like BoundSan and IntSan, which catch memory-based flaws and crashes that often occur during code compilation.
There are also exploit mitigations, like Control Flow Integrity (CFI), Kernel Control Flow Integrity (kCFI), ShadowCallStack, as well as Stack Canaries, which work towards protecting values from buffer overflow attacks at the compilation stage.
Buffer overflows will also, in addition to null pointer dereferences and user-after-free attacks, will also be guarded against by a raft of memory safety features. To this end, Google have mulled over a Zero Initialized Memory principle, citing uninitialized memory in C and C++ environments as a common cause of reliability issues.
As BleepingComputer have noted, tackling problems across different parts of a processor could have an adverse effect on system performance, but Google believes that, with optimization, it can mitigate the impacts of its efforts.
- Here are the best Android antivirus apps right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.