“Google said it aims to strengthen the security of software running on firmware (secondary processors) and make it stronger to exploit vulnerabilities to accomplish remote code execution within the cellular baseband or the Wi-Fi SoC.”

Google LLC is a US-based multinational technology company engaged in online advertising, search engine technology, cloud computing, computer software, and more services has announced the company is working with ecosystem partners to reinforce the security that interacts with Android.

Also Read, SentryBay Unveils Armored Client for AVD & W365 for Endpoint Vulnerability Protection

Android OS runs on an application processor (AP), and it is just one of the multiple processors of a system-on-chip (SoC) that handles several tasks like multimedia processing and cellular communications. 

The Android team said, "Securing the Android Platform requires going beyond the confines of the Application Processor. Android's defense-in-depth strategy also applies to the firmware running on bare-metal environments in these microcontrollers, as they are a critical part of the attack surface of a device."

Google said it aims to strengthen the security of software running on firmware (secondary processors) and make it stronger to exploit vulnerabilities to accomplish remote code execution within the cellular baseband or the Wi-Fi SoC. 

To that end, Google addressed that the company is searching and allowing compiler-based sanitisers and turning on memory safety functions in firmware as exploit mitigation measures.

Google said, "Hardening firmware running on bare metal to materially increase the level of protection – across more surfaces in Android – is one of the priorities of Android Security" 

Google also mentioned that another important area is the use of memory-safe programming languages such as Rust for writing firmware code, carrying on its endeavors to expand its adoption throughout the platform.

According to the Mountain View-based company, given the resource constraints related to bare-metal targets, the goal is to "harden the most exposed attack surface - while reducing any performance/stability impact."