The GrapheneOS development team, known for its Android-based operating system focused on privacy and security, has proposed adding a new feature to Android that would improve protection against firmware vulnerabilities. The feature would automatically restart the device, making it more difficult for attackers to exploit those vulnerabilities.
In a recent announcement, the team revealed the existence of vulnerabilities in Android that affect devices such as Google Pixel and Samsung Galaxy smartphones. These vulnerabilities can potentially be used to steal data and monitor users when their devices are inactive.
A device is considered “at rest” when it is turned off or locked and has not been unlocked since booting. In this state, the level of confidentiality protection is very high, but the device’s functionality is limited as the encryption keys are not yet available for use with installed applications.
Typically, the first unlock after rebooting moves cryptographic keys to the cache, allowing applications to function properly and bringing the device out of the “at rest” state. The GrapheneOS team emphasizes that simply locking the screen after using the device does not return it to the “at rest” state, as certain exceptions to safety measures are preserved.
To counteract this, the team suggests implementing an automatic reboot function, which would restore the device to a fully secure state by clearing all temporary states, processes, or actions that could be exploited by hackers. After this automatic reboot, the device would again require authentication, such as a PIN code, password, or biometric verification, thereby reinstating all security mechanisms.
Although the GrapheneOS developers did not provide specific details about the firmware vulnerabilities they discovered, they proposed a general solution that would be effective in most cases: the implementation of an automatic reboot function already present in the GrapheneOS operating system.
This function aims to minimize the potential for attacks by rebooting the device more frequently, which re-engages all of the system's protection mechanisms. The GrapheneOS automatic reboot feature reboots the device every 18 hours.
Explaining further, a representative from GrapheneOS stated that while the firmware vulnerabilities cannot be directly fixed due to hardware restrictions, the new function proposes erasing the firmware during each reboot and improving the administration API to ensure safer data removal from devices.
Furthermore, GrapheneOS highlighted that using flight mode on smartphones, often assumed to reduce the risk of attacks, can still allow data exchange via Wi-Fi, Bluetooth, NFC, and USB Ethernet, depending on the attack vector. Therefore, flight mode may not be an effective protective measure in all scenarios.
The developers also emphasized the importance of securing PIN codes and passwords