Google has started making Android more secure at the firmware level, targeting the processors on a system-on-a-chip (SoC) that are dedicated to specialized tasks such as cellular connectivity, media playback and encoding, and Wi-Fi.
Per BleepingComputer, the tech giant is taking note of the fact that over the past decade firmware vulnerabilities in these secondary processors have become a high-priority target for security researchers and for academic work in computer science.
Wi-Fi and cellular module bugs are of particular concern because they can enable remote code execution (RCE) over the air, without any interaction from the user.
Android firmware security
Google plans to explore various protection mechanisms with its partners in the Android ecosystem. These include compiler-based sanitizers such as BoundSan and IntSan, which instrument the code at compile time so that out-of-bounds array accesses and integer overflows are caught at runtime instead of silently corrupting memory.
There are also exploit mitigations such as Control Flow Integrity (CFI), Kernel Control Flow Integrity (kCFI), ShadowCallStack and stack canaries. These are inserted by the compiler and make it harder to turn a buffer overflow into control of the program's execution, for example by detecting an overwritten return address before it is used.
Buffer overflows, null-pointer dereferences and use-after-free bugs are also targeted by a range of memory-safety features. Among these, Google cites zero-initialized memory, noting that uninitialized memory in C and C++ code is a common cause of reliability problems as well as a source of information leaks.
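The mitigations above are best understood against the kind of code they protect. The following is an added example, not Google's code or any vendor's firmware: a firmware-style parser for 802.11 information elements (type, length, value) in an unsafe form whose bugs are exactly what BoundSan, IntSan and stack canaries catch at runtime, beside a hardened form that rejects the same input explicitly and zero-initializes its output. The element IDs, function names and frame bytes are constructed for illustration.

```c
/*
 * Added example (not Google's or any vendor's code). Two parsers for a
 * buffer of 802.11-style information elements: [id][len][value...].
 * Names and sample frames are hypothetical.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSID_MAX 32
#define IE_SSID  0x00

struct scan_result {
    uint8_t ssid[SSID_MAX];
    uint8_t ssid_len;
    int     saw_ssid;
};

/* Unsafe version: trusts the 8-bit length byte of every element.
 *  - out->ssid[i] with i >= SSID_MAX is a stack/heap overflow; BoundSan can
 *    flag it because ssid has a compile-time size, and a stack canary would
 *    catch the damage on return.
 *  - ies[off + 2 + i] can read past the end of the input buffer.
 *  - off is only 8 bits wide, so "off += 2 + len" can wrap (the class of
 *    arithmetic bug IntSan reports) and the loop re-parses or never ends.
 * Works fine on well-formed frames, which is why such bugs survive. */
static int parse_ies_unsafe(const uint8_t *ies, size_t n, struct scan_result *out)
{
    uint8_t off = 0;
    while (off < n) {
        uint8_t id  = ies[off];
        uint8_t len = ies[off + 1];
        if (id == IE_SSID) {
            for (size_t i = 0; i < len; i++)
                out->ssid[i] = ies[off + 2 + i];
            out->ssid_len = len;
            out->saw_ssid = 1;
        }
        off += 2 + len;
    }
    return 0;
}

/* Hardened version: every length is checked against both the remaining
 * input and the destination before it is used, the offset is a size_t that
 * cannot wrap because len <= n - off - 2, and the result is zeroed first so
 * a frame without an SSID element never leaks stale stack contents. */
static int parse_ies_safe(const uint8_t *ies, size_t n, struct scan_result *out)
{
    memset(out, 0, sizeof *out);          /* zero-initialized output */
    size_t off = 0;
    while (off < n) {
        if (n - off < 2)                  /* element header must fit */
            return -1;
        uint8_t id  = ies[off];
        size_t  len = ies[off + 1];
        if (len > n - off - 2)            /* value must fit in the input */
            return -1;
        if (id == IE_SSID) {
            if (len > SSID_MAX)           /* value must fit in the destination */
                return -1;
            memcpy(out->ssid, &ies[off + 2], len);
            out->ssid_len = (uint8_t)len;
            out->saw_ssid = 1;
        }
        off += 2 + len;                   /* bounded by the checks above */
    }
    return 0;
}

/* Constructed sample frames. */
static const uint8_t good_frame[] = {
    IE_SSID, 0x04, 'h', 'o', 'm', 'e',    /* SSID "home" */
    0x01,    0x02, 0x82, 0x84,            /* supported rates */
};
/* SSID element claiming 255 bytes inside a 6-byte buffer. */
static const uint8_t bad_frame[] = { IE_SSID, 0xff, 'x', 'y', 'z', 'w' };

/* Both parsers agree on a well-formed frame. Returns 1 on success. */
int demo_good_frame(void)
{
    struct scan_result a, b;
    if (parse_ies_unsafe(good_frame, sizeof good_frame, &a) != 0) return 0;
    if (parse_ies_safe(good_frame, sizeof good_frame, &b) != 0)   return 0;
    return a.saw_ssid && b.saw_ssid && a.ssid_len == 4 && b.ssid_len == 4 &&
           memcmp(a.ssid, "home", 4) == 0 && memcmp(b.ssid, "home", 4) == 0;
}

/* The hardened parser rejects the hostile frame instead of overflowing.
 * parse_ies_unsafe is deliberately not run here: on this input it would
 * write 255 bytes into a 32-byte array. Returns 1 if rejected. */
int demo_bad_frame(void)
{
    struct scan_result r;
    return parse_ies_safe(bad_frame, sizeof bad_frame, &r) == -1 && r.saw_ssid == 0;
}
```

Building the unsafe parser with clang's `-fsanitize=bounds` (BoundSan) or `-fsanitize=integer` (IntSan) and feeding it `bad_frame` turns the silent overflow into an immediate, attributable abort; the hardened parser needs neither, which is the point of the memory-safety work described above: sanitizers find the bugs, explicit checks and zero-initialization remove them.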
As BleepingComputer pointed out, adding these checks to code running on resource-constrained secondary processors has a cost in performance and code size, but Google believes that, with optimization, it can keep the impact of its efforts acceptable.