
SecurityWeek


Google Hardens Pixel’s Baseband Security Mitigations

Pixel 9 comes with improved security hardening mitigations against common exploits on cellular basebands.

Pixel phones have been deploying baseband security hardening mitigations for years and Pixel 9 comes with the most hardened baseband, Google claims.

The baseband, which is the processor that handles cellular communications, processes external inputs, thus representing an attack vector that threat actors may employ to breach the privacy of individuals.

Bugs in baseband firmware could be exploited to gain unauthorized access to devices, escalate privileges, execute code, and deploy backdoors, giving attackers access to the victim’s sensitive information, Google notes.

Not only have researchers demonstrated attacks targeting baseband firmware, but real-world attacks exploiting zero-day flaws, such as those deploying the Predator malware, and the availability of baseband exploits on dark web marketplaces prove the associated risks, the internet giant argues.

To tackle this attack surface, Google expanded the Pixel and Android Vulnerability Rewards Program to cover exploitable bugs in connectivity firmware and added proactive defenses in Pixel devices.

Pixel 9 phone models, the internet giant explains, include several hardening mitigations aimed at stopping attacks against baseband firmware, such as Bounds Sanitizer, which adds checks to ensure that code only accesses designated memory, preventing buffer overflows.

Additionally, Pixel phones automatically initialize stack variables to zero, which prevents uninitialized values from being exploited for code execution, and come with Integer Overflow Sanitizer, which adds checks around value calculations to ensure that errors do not lead to memory corruption.

Other hardening features include Stack Canaries, which ensure that code executes in the expected order and attackers cannot alter the flow of execution, and Control Flow Integrity (CFI), which restarts the modem if the execution flow deviates from the allowed set of execution paths.
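To make the bounds, zero-initialization and integer overflow checks described above concrete, the following added example (not code from Google or from the original article) writes them by hand for a constructed message format. The function names, the 64-byte buffer and the sample input are assumptions made for illustration; the sanitizers themselves are inserted by the compiler rather than written out like this.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BUF_SIZE 64u /* constructed: fixed-size reassembly buffer */

/* Unchecked length math: the 32-bit sum wraps, so 0xFFFFFFF0 + 0x20
 * becomes 0x10 and wrongly passes the size test. */
bool unchecked_fits(uint32_t hdr_len, uint32_t body_len) {
    uint32_t total = hdr_len + body_len; /* may wrap around */
    return total <= BUF_SIZE;
}

/* Checked length math: reject the input when the sum overflows,
 * then apply the buffer-size bound to the true total. */
bool checked_total(uint32_t hdr_len, uint32_t body_len, uint32_t *total) {
    if (__builtin_add_overflow(hdr_len, body_len, total))
        return false;
    return *total <= BUF_SIZE;
}

/* Copy header+body bytes from an untrusted message into out.
 * Returns the number of bytes copied, or -1 if the message is rejected. */
int copy_fields(uint32_t hdr_len, uint32_t body_len,
                const uint8_t *data, size_t data_len,
                uint8_t out[BUF_SIZE]) {
    uint32_t total;
    memset(out, 0, BUF_SIZE);      /* zero first: no stale bytes remain */
    if (!checked_total(hdr_len, body_len, &total))
        return -1;                 /* sum overflowed or exceeds the buffer */
    if (total > data_len)
        return -1;                 /* would read past the received data */
    memcpy(out, data, total);
    return (int)total;
}

int main(void) {
    uint8_t out[BUF_SIZE];
    const uint8_t msg[] = { 'h', 'd', 'b', 'o', 'd' }; /* constructed input */
    int ok = copy_fields(2, 3, msg, sizeof msg, out);
    int bad = copy_fields(0xFFFFFFF0u, 0x20u, msg, sizeof msg, out);
    return (ok == 5 && bad == -1) ? 0 : 1;
}
```

The key difference from a compiler-inserted check is the failure mode: this code returns an error, whereas a sanitizer check stops execution at the faulting operation.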


“Security hardening is difficult and our work is never done, but when these security measures are combined, they significantly increase Pixel 9’s resilience to baseband attacks,” Google notes.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
