By Chris Skeldon 
Antivirus software and security measures don’t do much if the attack occurs before those defenses are in place. That’s why Google announced an initiative to improve firmware security for Android devices, in an effort to curb a type of sophisticated cyberattack, but its effectiveness has already been proven by security experts.
The work takes place in conjunction with platform development partners, all of whom focus on how various processors and SoC (System on a Chip, its abbreviation in English) components work. Android is just part of a whole that also includes communication modems, cellular antennas, image sensors, and other elements that make a smartphone work and can, yes, be targets for sophisticated cyber scams.
Remote attacks and malicious code injection from a distance are the main focus of Google’s work, which occurs on three main fronts. The company works on secure compilers that can detect security issues in code and memory during startup, control integrity and data flow, as well as safeguards against scams that take advantage of buffer overflows or resetting custom values, preventing errors and malicious exploits. to system resources. .
The general result of implementations of this type is slowness, because controls require memory and processing to function, and the problem becomes more noticeable in dedicated components. It is simpler, and therefore does not contain all the resources of the central processor, for example; Therefore, in addition to security itself, Google is focused on optimization.
You can’t escape a drop in performance, as the giant points out, but the idea is to ensure that the impact on the stability and operation of the operating system is minimal and imperceptible to users. This, according to the company, comes with a deep understanding of where and how much mitigation is activated, indicating work that may take time to become a reality.
While these apps don’t have a history, they aren’t even close to the first. From additional measures to protect accessibility features, which are heavily targeted by malicious banking software, to the increasing use of the Rust programming language, which ensures greater security for applications .
source: sleeping computer