Google is using Clang sanitizers to harden the cellular baseband of the Android operating system, blocking specific classes of vulnerabilities outright.
The key components of this strategy are the Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan). Both are part of the UndefinedBehaviorSanitizer (UBSan), a tool that detects various forms of undefined behaviour in a program while it runs.
In a recent publication, Ivan Lozano and Roger Piqueras Jover advocate enabling Clang sanitizers in existing C/C++ code bases as a proactive measure against as-yet-unknown vulnerabilities. Notably, the sanitizers are architecture-agnostic and can be deployed on bare metal.
This development follows Google’s earlier commitment to work with ecosystem partners on hardening the firmware that works alongside Android. The objective is to make it harder for threat actors to achieve remote code execution, particularly in the Wi-Fi SoC or the cellular baseband, as part of Google’s ongoing effort to make the Android ecosystem more resilient against emerging threats.
IntSan and BoundSan are compiler-based sanitizers that Google has enabled as a defence against potential exploits: IntSan detects arithmetic overflows, and BoundSan validates the bounds of array accesses.
Google acknowledges the considerable performance cost of both BoundSan and IntSan, but has enabled them first on the security-critical attack surfaces, ahead of a broader rollout across the entire codebase.
In this context, the IMS, TCP and IP stacks, together with the messaging functions (SMS, MMS), parse messages received over the air on 2G, 3G, 4G and 5G networks. These libraries encode and decode intricate formats, including ASN.1, XML and DNS.
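As an added illustration (not code from Google or from the cited post), the constructed parser below handles the kind of length-prefixed records an over-the-air stack decodes, with the explicit checks that IntSan and BoundSan would otherwise enforce at run time; the record layout, function names and sample messages are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed example (not Google's code): parser for length-prefixed records
 * as an over-the-air message stack might decode them. Assumed layout:
 * [type:1][len:2 big-endian][value:len]. Build with the sanitizer flags the
 * article discusses so any bug escaping the explicit checks traps rather than
 * corrupting memory:
 *   clang -O2 -fsanitize=signed-integer-overflow,unsigned-integer-overflow,bounds \
 *         -fsanitize-trap=all parser.c */
#define MAX_VALUE 64
struct record { uint8_t type; uint16_t len; uint8_t value[MAX_VALUE]; };
/* Returns record count or -1 on malformed input. Each comment names the
 * sanitizer that would catch the bug if that explicit check were missing. */
int parse_records(const uint8_t *buf, size_t buf_len, struct record *out, size_t max_out)
{
    size_t off = 0, n = 0, hdr_end, val_end;
    while (off < buf_len) {
        if (n >= max_out)
            return -1;                  /* BoundSan: out[n] past array end */
        if (__builtin_add_overflow(off, 3, &hdr_end) || hdr_end > buf_len)
            return -1;                  /* IntSan: offset arithmetic wraps */
        uint16_t len = (uint16_t)((buf[off + 1] << 8) | buf[off + 2]);
        if (__builtin_add_overflow(hdr_end, (size_t)len, &val_end) || val_end > buf_len)
            return -1;                  /* IntSan/BoundSan: length runs past buf */
        if (len > MAX_VALUE)
            return -1;                  /* BoundSan: memcpy would overrun value[] */
        out[n].type = buf[off];
        out[n].len = len;
        memcpy(out[n].value, buf + hdr_end, len);
        n++;
        off = val_end;
    }
    return (int)n;
}
/* Constructed inputs: one well-formed message, then two malformed ones. */
static int run(const uint8_t *m, size_t len) { struct record out[4]; return parse_records(m, len, out, 4); }
int demo_well_formed(void) {        /* two records -> 2 */
    const uint8_t m[] = { 0x01, 0x00, 0x02, 0xAA, 0xBB, 0x02, 0x00, 0x00 };
    return run(m, sizeof m);
}
int demo_oversized_length(void) {   /* len 65535 with one byte left -> -1 */
    const uint8_t m[] = { 0x01, 0xFF, 0xFF, 0x00 };
    return run(m, sizeof m);
}
int demo_truncated_header(void) {   /* header needs 3 bytes, only 2 -> -1 */
    const uint8_t m[] = { 0x01, 0x00 };
    return run(m, sizeof m);
}
```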
“In the particular case of 2G, the best strategy is to disable the stack altogether by supporting Android’s ‘2G toggle’,” researchers stated. “However, 2G is still a necessary mobile access technology in certain parts of the world, and some users might need to have this legacy protocol enabled.”
Note that while sanitizers provide tangible benefits, they do not address other categories of flaws, such as those affecting memory safety. Mitigating those requires transitioning the codebase to a memory-safe language such as Rust.
In early October 2023, Google took a significant step in this direction by updating the protected VM (pVM) firmware for the Android Virtualization Framework (AVF) in Rust, establishing memory safety for the pVM root of trust and underlining its commitment to the overall robustness of the Android platform.
“As the high-level operating system becomes a more difficult target for attackers to exploit successfully, we expect that lower-level components such as the baseband will attract more attention,” the experts said.
“By using modern toolchains and deploying exploit mitigation technologies, the bar for attacking the baseband can be raised as well.”