Google began to work on Android safety reinforcement at the firmware level to expand the safety of devices outside the OS operating on a multi-core processor for other SOC processors (System-on-a-chip) for special tasks, such as cellular communications, Processing multimedia or safety modules.
This decision was caused by recent security studies, in which the main attention was paid to various vulnerabilities in microprocessors and components of a program stack, including firmware.
Among the most striking examples are attacks aimed at vulnerability in secondary processors, such as Wi -Fi or cellular modules, which can be used remotely on the radio channel to introduce and perform arbitrary code.
Google claims that together with its partners in the Android ecosystem, it is working on increasing the safety of the firmware, which interacts with Android, exploring several protection mechanisms:
- Sanitizers based on a compiler that can detect problems with memory safety, which leads to errors or malfunctions at the code compilation stage;
- Elimination of exploits. This includes the integrity of the control ( cfi ), the stack canary (stack canary), etc.;
- memory safety functions aimed at preventing memory errors, such as the overflow of the buffer, the use of the zero pointer after the release and the selection of the zero pointer. Here Google mentions the mechanism “
On the other hand, the implemented measures to mitigate the consequences can have a negative impact on the productivity of devices, which is an even more complex task when it comes to secondary processors intended for a certain set of functions, since they do not have the same resources as The main processor.
Google states that the optimization of how and where the protective equipment is activated can minimize the effect on the functionality, performance and stability of the Android system.
Google efforts to strengthen the safety of firmware are part of more large -scale plans to increase the safety of the Android platform. In the future, the corporation plans to expand the use of the Rust language for the firmware code, realizing all the functions using the language safe for the language.