Google has illustrated, on its blog dedicated to cybersecurity, a new initiative aimed at making its operating system Android even more secure and resistant to cyber attacks. The goal of the Mountain View developers – and of the many partners who have contributed to its creation over the years – is the firmware, which in this case is intended as the software that explains exactly the hardware components of a device, in particular the SoC, how to work.
Often, for reasons of simplicity and convenience, we identify with terms such as “SoC” and “processor” what is actually the CPUor AP (Central Processing Unit or Application Processor), in fact the chip that runs games and applications and loads the operating system, but the SoC is the “container” in which there are multiple processors, including the CPU but also the ISP, which deals with processing the data obtained from cameras, is a processor; the same one that deals with cellular communication, generally called baseband. And so on. Even the GPU is in fact a secondary processor, specialized in graphics operations (Graphics processing units).
Own secondary processors have become increasingly common targets of exploits and cyberattacks, Google notes, especially over the past decade. The baseband, in particular, is extremely at risk due to its ability to receive and send data via wireless, and therefore the risk of remote attacks is very high. And so far little has been done to protect them. Google and its partners have therefore decided to implement the knowledge acquired in strengthening, so to speak, the CPU firmware and apply the same principles to secondary processors as well.
The precise details of the initiative are very technical, and we recommend reading it only to the most passionate, or to developers directly involved in this specific sector. Still worth noting the increasingly widespread use of Rust, a programming language (born in Mozilla’s lap, ironically) that by design is immune to memory attacks. Rust has been supported since Android 12, but it’s in Android 13 that we’ve seen wider, even majority adoption if you’re just looking at the new code. Google sees a lot of potential for language in protecting so-called “bare-metal” components, i.e. secondary processors that operate without an operating system and applications of their own.