Google has unveiled, on its blog dedicated to cybersecurity, a new initiative aimed at making its Android operating system even more secure and resistant to cyber attacks. The goal of the developers of Mountain View – and of the many partners who over the years have contributed to its realization – is the firmware, which in this case is understood as the software that explains exactly to the hardware components of a device, in particular the SoC, how to work.
Often, for reasons of simplicity and convenience, we identify with terms such as “SoC” and “processor” what is actually the CPU, or AP (Central Processing Unit or Application Processor), in fact the chip that takes care of running games and applications and loading the operating system, but the SoC is the “container” in which multiple processors are located, including the CPU but also the ISP, which takes care of processing the data obtained from the cameras, is a processor; The same is the one that deals with cellular communication, generally called baseband. And so on. Even the GPU is in fact a secondary processor, specialized in graphics processing unit operations.
Secondary processors have become increasingly common targets for exploits and cyberattacks, Google notes, especially over the past decade. The baseband, in particular, is extremely at risk for its ability to receive and send data wirelessly, and therefore the risk of remote attacks is very high. And so far little has been done to protect them. Google and its partners have therefore decided to use the knowledge gained in strengthening, let’s say, the firmware of CPUs and applying the same principles also to secondary processors.
The precise details of the initiative are very technical, and we recommend reading them only to the most enthusiastic, or to developers directly involved in this specific sector. However, it is worth mentioning the increasingly widespread use of Rust, a programming language (born in Mozilla’s lap, ironically) that by design is immune to memory attacks. Rust has been supported since Android 12, but it is in Android 13 that we have seen a wider adoption, even majority if you look only at the new code. Google sees a lot of potential for language in protecting so-called “bare-metal” components, which are secondary processors that operate without their own operating system and applications.