Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Google Teams Up with Ecosystem Partners to Enhance Security of SoC Processors

Feb 24, 2023Ravie LakshmananMobile Security / Firmware

Google said it’s working with ecosystem partners to harden the security of firmware that interacts with Android.

While the Android operating system runs on what’s called the application processor (AP), it’s just one of the many processors of a system-on-chip (SoC) that cater to various tasks like cellular communications and multimedia processing.

“Securing the Android Platform requires going beyond the confines of the Application Processor,” the Android team said. “Android’s defense-in-depth strategy also applies to the firmware running on bare-metal environments in these microcontrollers, as they are a critical part of the attack surface of a device.”

The tech giant said the goal is to bolster the security of software running on these secondary processors (i.e., firmware) and make it harder to exploit vulnerabilities over the air to achieve remote code execution within the Wi-Fi SoC or the cellular baseband.

To that end, Google noted that it’s exploring and enabling compiler-based sanitizers and turning on memory safety features in firmware as exploit mitigation measures.

Given the resource constraints associated with bare-metal targets, the idea is to “harden the most exposed attack surface – while minimizing any performance/stability impact,” the Mountain View-based company explained.

Another key area is the use of memory-safe programming languages like Rust for writing firmware code, continuing its efforts to expand its adoption across the platform.

“Hardening firmware running on bare-metal to materially increase the level of protection – across more surfaces in Android – is one of the priorities of Android Security,” Google said.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related News

Researcher create polymorphic Blackmamba malware with ChatGPT

Researcher create polymorphic Blackmamba malware with ChatGPT

The malware can target Windows, macOS and Linux devices. HYAS Institute researcher and cybersecurity expert, Jeff Sims, has developed a…
Owner of Breach Forums Pompompurin Arrested in New York

Owner of Breach Forums Pompompurin Arrested in New York

Pompompurin has been charged with a single count of conspiracy to commit access device fraud. Conor Brian Fitzpatrick (aka Pompompurin,…
New Vishing Attack Spreading FakeCalls Android Malware

New Vishing Attack Spreading FakeCalls Android Malware

The attack scheme begins with the FakeCalls malware masquerading as an online banking application of a reputable South Korean financial…