Android Oreo Security Enhancements Detailed by Google
- Google develops Android Verified Boot 2.0 with Project Treble
- Android Oreo includes new OEM Lock Hardware Abstractions Layer
- Google implements Control Flow Integration (CFI)
Android Marshmallow and Nougat already enhanced hardware security on devices. But with Android Oreo, Google has provided a new reference implementation of its Verified Boot that is designed to prevent devices from booting up with tampered software. The reference implementation, called Android Verified Boot 2.0, runs with Project Treble to enable security updates such as a common footer format and rollback protection. The latter among the two is designed to prevent a device to boot if downgraded to an older OS version, which could include some vulnerabilities. Initially, Google’s Pixel 2and Pixel 2 XL are available with the newest development, though the Android maker recommends all device manufacturers to add the same feature to their new devices.
Apart from the new Verified Boot version, Android Oreo includes the new OEM Lock Hardware Abstractions Layer (HAL) that allows devices manufacturers to implement the way how they protect whether a device is locked, unlocked, or unlockable. Google has also claimed to have invested support in tamper-resistant hardware, including the development of a physical chip that can prevent software and hardware attacks on the new Pixel 2 family. It also resists physical penetration attacks.
Android Oreo also enables an enhanced isolation by removing direct hardware access from the default media frameworks. Similarly, Google has enabled Control Flow Integration (CFI) across all media components to disallow arbitrary changes to the original control flow graph to make it harder for attackers to perform malicious activities. Oreo version also has seccomp filtering, hardened usercopy, Privileged Access Never (PAN) emulation, and Kernel Address Space Layout Randomisation (KASLR). Additionally, Google has isolated WebView by splitting the rendering engine into a separate process and running the same in an isolated sandbox to restrict external resources. You can read the detailed blog post to understand all the behind-the-scenes developments.