Pixel phones have been deploying baseband security hardening mitigations for years, and Pixel 9 comes with the most hardened baseband, Google claims.
The baseband, which is the processor that handles cellular communications, processes external inputs, thus representing an attack vector that threat actors may employ to breach the privacy of individuals.
Bugs in the firmware in the baseband could be exploited to gain unauthorized access to devices, escalate privileges, execute code, and deploy backdoors, gaining access to the victim’s sensitive information, Google notes.
Not only have researchers demonstrated attacks targeting baseband firmware, but real-world attacks exploiting zero-day flaws, such as those deploying the Predator malware, and the availability of baseband exploits on dark web marketplaces prove the associated risks, the internet giant argues.
To tackle this attack surface, Google expanded the Pixel and Android Vulnerability Rewards Program to cover exploitable bugs in connectivity firmware and added proactive defenses in Pixel devices.
Pixel 9 phone models, the internet giant explains, include several hardening mitigations aimed at stopping attacks against baseband firmware, such as Bounds Sanitizer, which performs checks to ensure that code only accesses designated memory, preventing buffer overflows.
Additionally, Pixel phones prevent the exploitation of uninitialized values for code execution by automatically initializing stack variables to zero, and come with Integer Overflow Sanitizer, which adds checks around value calculations to ensure that errors do not lead to memory corruption.
Other hardening features include Stack Canaries, which ensure that code executes in the expected order and attackers cannot alter the flow of execution, and Control Flow Integrity (CFI), which restarts the modem if the execution flow deviates from the allowed set of execution paths.
“Security hardening is difficult and our work is never done, but when these security measures are combined, they significantly increase Pixel 9’s resilience to baseband attacks,” Google notes.
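To make the bounds and integer-overflow checks described above concrete, here is an added illustration in C (not code from Google or from Pixel firmware) that writes by hand the kind of check those sanitizers insert automatically. The record format, function and constant names are hypothetical; `__builtin_mul_overflow` is a GCC/Clang builtin.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record format (hypothetical): [count:1][elem_size:1][payload] */
#define OUT_CAP 64u

enum copy_status { COPY_OK, ERR_TRUNCATED, ERR_OVERFLOW, ERR_BOUNDS };

/* Copy count * elem_size payload bytes from msg into out[OUT_CAP]. */
enum copy_status copy_record(const uint8_t *msg, size_t msg_len,
                             uint8_t out[OUT_CAP], size_t *copied)
{
    uint8_t total; /* narrow on purpose: 16 * 17 = 272 would wrap to 16 */

    if (msg_len < 2)
        return ERR_TRUNCATED;

    /* Integer-overflow check: reject a product that does not fit. */
    if (__builtin_mul_overflow(msg[0], msg[1], &total))
        return ERR_OVERFLOW;

    /* Bounds checks: the read stays inside msg, the write inside out. */
    if ((size_t)total > msg_len - 2)
        return ERR_BOUNDS;
    if (total > OUT_CAP)
        return ERR_BOUNDS;

    memcpy(out, msg + 2, total);
    *copied = total;
    return COPY_OK;
}

int main(void)
{
    /* Constructed inputs: one well-formed, one whose length wraps. */
    const uint8_t good[] = { 2, 3, 'a', 'b', 'c', 'd', 'e', 'f' };
    const uint8_t wrap[34] = { 16, 17 };
    uint8_t out[OUT_CAP] = { 0 }; /* zero-initialised, as auto-init would do */
    size_t n = 0;

    printf("good: %d\n", copy_record(good, sizeof good, out, &n));
    printf("wrap: %d\n", copy_record(wrap, sizeof wrap, out, &n));
    return 0;
}
```

Without the overflow check, the second input would yield a wrapped length of 16 that passes both bounds checks, which is why the two kinds of check are deployed together.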