The Titan M Chip Powers Up Pixel 3 Security
Credit to Author: Brian Barrett| Date: Sun, 21 Oct 2018 11:00:00 +0000
The Google Pixel 3 has all the betterments you would expect from a flashy flagship smartphone: great camera, zippy processor, smarter AI. It also, though, comes with an unexpected bonus, one that works so deeply in the background you’ll likely never even know it’s there. The Titan M chip may be small and discreet, but it helps make the Pixel 3 and its beefier sibling, the Pixel 3 XL, among the most secure smartphones you can buy.
The Titan M draws inspiration from the Titan chip that helps safeguard Google servers, and while they differ some in the details—the Titan M draws much less power, for instance, so as not to tax your battery—they both share the task of protecting hardware against the most sophisticated, and devastating, attacks. And because it sits entirely apart from the Pixel 3's main processor, it helps cordon off the most sensitive data your smartphone holds.
"Once the tools are there and the knowledge is there, the attacks will tickle down."
Will Drewry, Google
One such attack the Titan M is designed to protect against is the boot-time attack. “If you put yourself in the shoes of an attacker, the earlier you can interfere in the process, the more power you have, generally. If you can interfere when the chip is being manufactured, that’s phenomenal,” says Simha Sethumadhavan, a computer scientist at Columbia University. “If you cannot do that, the other place to do it is when the system is booting. When the system is booting, it’s initializing and needs to run at the highest privilege. It’s a super convenient place for the attacker to interfere. They can get access to all the happenings in the system.”
Titan M heads off these boot-time attacks by tying into Verified Boot, a feature introduced in 2017 with Android Oreo. Verified Boot confirms that you’re running the correct version of Android as soon as you turn it on; by leveraging Titan M, the Pixel 3 ensures the integrity of that check before an attacker has a chance to downgrade you to something more vulnerable, or meddles with your bootloader.
The chip also helps prevent fake log-ins, both by limiting the number of passcode attempts and by having a direct electrical connection to the Pixel’s side buttons so that an attacker can’t create fake button presses to make it seem like a user is present when none is.
Having a secure, mobile hardware element isn’t especially novel; the ARM chips that power most higher-end Android smartphones have something called TrustZone, a secure enclave within the main processor that sits apart from the operating system. And Apple’s Secure Enclave, a cordoned off part of its A series of processors, has for years provided safe storage for your private keys and biometric information.
But because it’s a separate chip altogether, Titan M takes that isolation to the extreme.
“Everything that’s living in the main processor is sharing cache and RAM, for the most part. In order to use it to protect keys, that’s a reasonable thing to do, but you know there’s still going to be the risk of attacks like Spectre, Meltdown, and Rowhammer,” says Will Drewry, principle software engineer at Google, referring to prominent examples of pernicious hardware-based attacks. “For us, we moved the key matter to tamper-resistant hardware that has its own private storage, its own private RAM, its own private processing.”
By opting for a distinct, hardened chip, Google can better inoculate the Pixel 3 from the so-called side channel attacks that leverage hiccups in interactions between components. In fairness, the risk of that kind of advanced technique to the average user is relatively low, given the relative ease of software-based attacks. They still happen, though, which makes them worth defending against—especially if, as Drewry suspects, they become increasingly common over time.
“It’s only a matter of time that these shared resource attacks become cheap enough that they become opportunistic,” he says. “Once the tools are there and the knowledge is there, the attacks will tickle down. For us it’s about being proactive.”
"This raises the bar significantly."
Simha Sethumadhavan, Columbia University
And while Google began work on Titan chips long before Bloomberg’s recent blockbuster—and hotly contested—report about attacks on the supply chain, that class of vulnerability was on the company’s mind from the beginning of their development.
“As technology shrinks, the opportunities change, and where you can place parts and how big they are changes, but practically supply chain attacks have always been there,” says Drewry. To minimize the chances of any unwanted elements sneaking into the Titan M along the way, Google created a custom provisioning process. By building the chipset itself, it has insight into its manufacturing from start to finish. And Google will also make it easier for security researchers to make sure it’s living up to its promises of protection.
“The firmware for this will be fully open source in the coming months, which I think is very unique in the industry,” says Google security project manager Xiaowen Xin.
None of which is to say that the Titan M is invincible. But it is a significant step forward for security-minded Android users, and no small advance for a platform that has historically been more vulnerable than iOS. “It is, I think, terrific that Google is doing these kinds of hardware enhancements. It’s much harder to break than software defenses,” says Columbia’s Sethumadhavan. “This raises the bar significantly.”