Google, Arm team up to tackle memory vulnerabilities through MTE

Google has announced a partnership with chipmaker Arm to design an Android-ready MTE extension for reducing the number of memory-related vulnerabilities in the mobile platform. 

Last week, Kostya Serebryany from Google Core Systems and Sudhi Herle, a member of the Android Security & Privacy Team said that both companies will work together to design the memory tagging extension (MTE), a hardware feature that will function as a memory bug scanning tool.

"Memory safety bugs, common in C and C++, remain one of the largest vulnerabilities in the Android platform and although there have been previous hardening efforts, memory safety bugs comprised more than half of the high priority security bugs in Android 9," Google says. "Additionally, memory safety bugs manifest as hard to diagnose reliability problems, including sporadic crashes or silent data corruption."

In order to give "user satisfaction" a boost and potentially bring down the cost of software development, Google and Arm's MTE design will focus on detecting bugs with "low overhead."

See also: Anubis Android banking malware returns with extensive financial app hit list

MTE will execute in one of two ways; a "precise" mode that will provide detailed information concerning a memory error or security flaw, and "imprecise" mode, which does not require heavy computational power and could, therefore, be an always-on feature. 

Arm has published a whitepaper documenting the applications of MTE. In an accompanying blog post, the chip designer said that MTE can detect the two main types of memory issues that exist. 

The first is the violation of spatial safety, which occurs when an object is accessed outside of its correct bounds. The second is temporal safety violation, a problem which can be exploited when an object reference is used after its expiry and once the object's memory is freed -- also known as use-after-free vulnerabilities. 

CNET: Equifax settlement: Discover if you're eligible, file a claim, see what you'll get

Google says that MTE will be useful for testing and fuzzing in laboratory environments and will find "more bugs in a fraction of the time and at a lower cost," and the hardware will also be able to provide reports as detailed as those generated by today's ASAN and HWASAN tools. 

In addition, Google believes MTE will assist Android developers and OEMs in testing software through the development lifecycle. 

While HWASAN has already been tested on the Android platform and with a small number of applications -- finding almost 100 memory bugs in the process -- Google says that MTE will likely vastly improve on these results in terms of cost reduction, ease of use, and scalability. 

TechRepublic: How to build a vulnerability response plan: 6 tips

Google is now working with Arm System On Chip (SoC) vendors to test MTE support for the Android software stack. 

"We believe that memory tagging will detect the most common classes of memory safety bugs in the wild, helping vendors identify and fix them, discouraging malicious actors from exploiting them," the tech giant says. "We are considering MTE as a possible foundational requirement for certain tiers of Android devices."

Many of 2018's most dangerous Android and iOS security flaws still threaten your mobile security

Previous and related coverage

• Google Project Zero: 95.8% of all bug reports are fixed before deadline expires
  
• This new Android ransomware infects you through SMS messages
  
• Malicious lifestyle apps found on Google Play, 30 million installs recorded
  

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0