Google bolsters firmware security for Android

BleepingComputer reports that Google has been collaborating with Android ecosystem partners to strengthen firmware security as it works to better defend other components of a system on a chip against potential exploitation. "Over the last decade, there have been numerous publications, talks, Pwn2Own contest winners, and CVEs targeting the exploitation of vulnerabilities in firmware running in these secondary processors," said Google, which highlighted the growing prevalence of attacks leveraging Wi-Fi or cellular module flaws to facilitate arbitrary code injection and execution. Aside from exploit mitigations, Google and its partners have been exploring the use of compiler-based sanitizers that could combat security flaws, as well as memory safety capabilities that would defend against user-after-free attacks and buffer overflows. While such mitigations could take a hit on device performance, Google noted that optimizations on their activation could limit such concerns. Expanded Rust programming language utilization for firmware code is also in the cards as Google seeks to bolster Android security.