Robert Triggs / Android Authority
TL;DR
- Google improved its security for the Pixel 9 series.
- To tighten up the security, the company focused on securing the device’s baseband.
- The baseband has increasingly become a common attack vector by hackers.
With smartphones being such an important part of our lives, keeping them safe from security risks is essential. Among today’s flagship handsets, Google’s Pixel phone rivals the likes of Apple’s iPhone and Samsung’s Galaxy S in terms of security. However, Google raised the bar in this area with the Pixel 9 series.
In a new blog post, Google discusses the vulnerabilities phones face and how it further tightened security with the Pixel 9 series. Specifically, the company made changes to the Pixel’s baseband.
If you’re not familiar with the role of the baseband, it’s the tech that handles how your phone communicates with a cellular network. As Google explains, the baseband has increasingly become an area of focus among security researchers as it tends to lack exploit mitigations. Meaning that it’s an attack vector just waiting to be taken advantage of by hackers.
As for what changes were made, Google focused its attention on five key points of interest. Before we dive into the changes, let me warn you that this may all sound a bit technical, but stick with us as we try to explain. The changes include:
- Bounds Sanitizer: A Bounds Sanitizer prevents code from accessing memory outside of designated areas. This prevents attackers from using a bug in the code to stuff too much data into a space, which could lead to data corruption or the execution of malicious code.
- Integer overflow sanitizer: This ensures that numbers are correctly interpreted. Misinterpreted values can be used by hackers to cause unexpected behaviors.
- Stack canaries: These act as tripwires to help detect bad code. If an attacker tries to exploit a vulnerability, the canary will alert the system.
- Control flow integrity: The CFI keeps code execution contained to limited paths. This makes it harder for hackers to change the flow of information in the device. If an attack tries to deviate from the path, the system is alerted, working much like the stack canaries mentioned before.
- Auto-initialize stack variables: This helps the device use all of the memory it has access to. As a result, attackers can’t use unused data to leak information.
Simply put, Google improved some security features in the baseband while also adding a few new features, like the stack canaries. These changes make it much more difficult for attackers to exploit vulnerabilities in the Pixel 9 series.
