Source: GoogleSec
Identifier: 8312262
Publication date: 2023-02-21 12:29:09 (viewed: 2023-02-21 19:07:12)
Title: Hardening Firmware Across the Android Ecosystem
Text:
Posted by Roger Piqueras Jover, Ivan Lozano, Sudhi Herle, and Stephan Somogyi, Android Team

A modern Android powered smartphone is a complex hardware device: Android OS runs on a multi-core CPU, also called an Application Processor (AP). The AP is one of many such processors on a System on Chip (SoC). Other processors on the SoC perform various specialized tasks, such as security functions, image and video processing, and, most importantly, cellular communications. The processor performing cellular communications is often referred to as the baseband. For the purposes of this blog, we refer to the software that runs on all these other processors as “Firmware”.

Securing the Android Platform requires going beyond the confines of the Application Processor (AP). Android's defense-in-depth strategy also applies to the firmware running on bare-metal environments in these microcontrollers, as they are a critical part of the attack surface of a device.

A popular attack vector within the security research community

As the security of the Android Platform has been steadily improved, some security researchers have shifted their focus towards other parts of the software stack, including firmware. Over the last decade there have been numerous publications, talks, Pwn2Own contest winners, and CVEs targeting exploitation of vulnerabilities in firmware running in these secondary processors. Bugs remotely exploitable over the air (e.g. WiFi and cellular baseband bugs) are of particular concern and, therefore, are popular within the security research community. These types of bugs even have their own categorization in well-known third-party exploit marketplaces. Regardless of whether it is remote code execution within the WiFi SoC or within the cellular baseband, a common and resonating theme has been the consistent lack of exploit mitigations in firmware. Conveniently, Android has significant experience in enabling exploit mitigations across critical attack surfaces.

Applying years' worth of lessons learned in systems hardening

Over the last few years, we have successfully enabled compiler-based mitigations in Android, on the AP, which add layers of defense across the platform, making it harder to build reproducible exploits and preventing certain types of bugs from becoming vulnerabilities. Building on top of these successes and lessons learned, we're applying the same principles to hardening the security of firmware that runs outside of Android per se, directly on the bare-metal hardware. In particular, we are working with our ecosystem partners in several areas aimed at hardening the security of firmware that interacts with Android: Exploring and enabling compiler-based sanitizers (Bound
Notes: ★★★★
Sent: Yes
Tags: Vulnerability