Google Pixel 3 Improves Data Protection with Security Chip

Google has packed the recently launched Pixel 3 and Pixel 3 XL devices with Titan M, a hardened security microcontroller that can better protect information at hardware level.

Designed and manufactured by Google, Titan M is a second-generation, low-power security module meant to help with Android Verified Boot, store secrets, back the Android StrongBox Keymaster module, and enforce factory-reset policies.

Courtesy of Insider Attack Resistance, the chip also ensures that no one, not even Google, can unlock a phone or install firmware updates without the owner’s cooperation, the Internet search company reveals.

Google included Titan M in Pixel 3 devices to reduce the attack surface. Because it is a separate chip, it mitigates entire classes of hardware-level exploits such as Rowhammer, Spectre, and Meltdown, Google claims.

Titan M’s processor, caches, memory, and persistent storage are isolated from the rest of the phone’s system, meaning that such side-channel attacks are nearly impossible. Furthermore, the chip includes additional defenses that, alongside its physical isolation, protect against external attacks.

“But Titan M is not just a hardened security microcontroller, but rather a full-lifecycle approach to security with Pixel devices in mind. Titan M’s security takes into consideration all the features visible to Android down to the lowest level physical and electrical circuit design and extends beyond each physical device to our supply chain and manufacturing processes,” Google says.

The chip also includes features optimized for the mobile experience, such as low power usage, low latency, hardware crypto acceleration, tamper detection, and secure, timely firmware updates.

Google says it also created a custom provisioning process for transparency and control at every step of the design process, starting from the earliest silicon stages.

“We know what’s inside, how it got there, how it works, and who can make changes,” the company says.

Google also plans on making the Titan M firmware source code publicly available soon. The Internet giant holds the root keys necessary to sign Titan M firmware, but vendors will be able to reproduce binary builds based on the public source.

Titan M features an ARM Cortex-M3 microprocessor hardened against side-channel attacks, as well as hardware accelerators, including AES, SHA, and a programmable big number coprocessor for public key algorithms.

The implementation of Titan M, the company says, is also focused on ensuring that new features, capabilities, and performance that are not readily available in off-the-shelf components can be delivered to users.

“These changes allow higher assurance use cases like two-factor authentication, medical device control, P2P payments, and others that we will help develop down the road,” Google explains.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
