Google said it’s working with ecosystem partners to harden the security of firmware that interacts with Android.

While the Android operating system runs on what’s called the application processor (AP), it’s just one of the many processors of a system-on-chip (SoC) that cater to various tasks like cellular communications and multimedia processing.

“Securing the Android Platform requires going beyond the confines of the Application Processor,” the Android team said. “Android’s defense-in-depth strategy also applies to the firmware running on bare-metal environments in these microcontrollers, as they are a critical part of the attack surface of a device.”

The tech giant said the goal is to bolster the security of software running on these secondary processors (i.e., firmware) and make it harder to exploit vulnerabilities over the air to achieve remote code execution within the Wi-Fi SoC or the cellular baseband.

To that end, Google noted that it’s exploring and enabling compiler-based sanitizers and turning on memory safety features in firmware as exploit mitigation measures.

Given the resource constraints associated with bare-metal targets, the idea is to “harden the most exposed attack surface – while minimizing any performance/stability impact,” the Mountain View-based company explained.

Another key area is the use of memory-safe programming languages like Rust for writing firmware code, continuing its efforts to expand its adoption across the platform.

“Hardening firmware running on bare-metal to materially increase the level of protection – across more surfaces in Android – is one of the priorities of Android Security,” Google said.