Google today shared some of the first details that support its first claim that Pixel 3 is still "the safest phone," after the new Pixel 3 program in New York receive the company's Titan M security chip
That chip, Google tells in a blog post today, is an enterprise-grade security chip custom-built for Pixel 3. With this, the CEO of the Android security team, Sheohen Zin explained to the post,
Google used the best features of the company's Google Cloud Data Center and made them mobile, as the CNET Report Notes and what Titan M is a dedicated chip of Google's own self-Qualcomm Snapdragon 845 processor, which is already part of the security features. Classification.
Zin told in the post, "Here are some ways Titan M protects your phone." "First of all, to protect Android from external tampering, we've integrated Titan M into the verified boot, our secure boot process.
"Titan M helps bootloader - this program that validates and loads Android when the phone is turned on - make sure you are running the correct version of Android. Specifically,
Titan M stores the last known safe Android version And prevents 'bad actors' to move your device back and forth, to run on the old, potentially weaker version of Android. In an effort to unlock the bootloader prevents the ongoing attackers in Android. "
Titan M is also used by Pixel 3 to verify the volume of your lock screen passcode and log-in efforts. Once the passcode is validated, Titan M allows for decryption - and fully independent calculation of Titan M, Safe Flash and Zin post joints, it is also difficult for the attacker to learn that they have data What needs to be decrypted about the requirement
Another important point: Pixel 3 also uses third-party applications and secures sensitive transactions. Zin explains that with Android 9, the app can now take advantage of the Strongbox Keystore API to create and store a private key in Titan M.
According to the post "Google Pay Team", "is actively testing these new APIs to secure the transaction." For apps that rely on user interaction to confirm those transactions, Titan M enabled Android 9 protected confirmation - according to Google, the first device to ship with this protection
After all, Google also created Titan M with "Inside Attack Resistance", which means that the firmware can not be updated until you enter your passcode, causing the bad actor to bypass the lock screen by fate trying.
We were definitely worried about getting the first word about the chip, so far as the camera processor can be as exciting as possible and even if there is a lack of any opponent on computing devices May be. "With Pixel 3,"
Zin's post today concluded that the phone running on sale in the US yesterday, "We have increased our investment in security and placed industry-leading hardware facilities in the device so that you are confident Your safety and privacy are well protected. "
Google touched the new Titan M security chip in the last week's Pixel unveiling, but the hardware clearer Rick Osterloh was unclear on the details.
Now, Google has provided more information about this new piece of silicon, which is doing Pixel 3. Not only does it make it harder to bypass your lockbox, but it makes phone firmware accurate with so-called "side-channel" attacks such as Meltdown and Specter
Titan M is Google's second generation custom security chip - you can see Titan M on the right, beside the Titan server chip. In Android Pie,
Google provides a strong box for Kastor API for developers, which allows apps to create and store private keys in Titan M for increased security. The Google Payment Team is looking at Titan M on pixel 3 to protect your transactions.
The Titan of Pixel 3 is completely different from the M system, allowing it to independently verify its lock screen code before decrypting and unlocking the phone. There is an attempt to unlock it too, which can prevent it from happening. Similarly, factory reset protection runs on Titan M so only your account can unlock after resetting your account.
Google has created the Cortex-M3 CPU Core to power Titan M with custom hardening against the above-party-channel attacks. In addition, M3 is not shared with the processor, cache, and memory system. It is also the best way to block all known attacks.
Titan M is also associated with Android's Safe Boot process, which prevents an attacker from exploiting your phone by running an old or modified firmware. Titan's internal firmware is also locked so Google can not unlock your phone too.
Google says that it will soon issue the Titan M source code, allowing third parties to independently verify these claims. Google retains the root cause for signing Titan firmware, but it will be possible to reproduce the binary build for Titan M by public code.
