Google launched the Pixel 3, Pixel 3 XL and the Pixel Slate at its hardware event last evening and during the announcements, the company also introduced a new Titan M custom security chip for the new smartphones and tablet. While Google sparingly spoke about Titan M at the event, in a blogpost, it said - “We’ve integrated Titan Security, the system we built for Google, into our new mobile devices. Titan Security protects your most sensitive on-device data by securing your lock screen and strengthening disk encryption”.
Google first introduced the Titan Security system for its Google Cloud Platform last year as a local line of defense against firmware hacks. It is a secure, low-power microchip, not much larger than a button, designed with Google hardware security requirements and scenarios in mind. Titan ensures that a machine boots from a known good state using verifiable code, and establishes the hardware root of trust for cryptographic operations in Google’s data centers, and now its phones and tablet
Remember when researchers managed to hack into a Tesla Model X last year, gaining control of the car remotely? Once Tesla's firmware signing system was bypassed, security researchers installed new firmware in the systems that could then execute custom commands and carry out various functions. After the incident Tesla introduced a new Hardware Root of Trust in their systems to implement a code signing policy for any firmware installations on the system. What this essentially did was secure the SoC, CPU, and runtime operations. Hardware Root of Trust ensures that the SoC and all its components function as intended and any attempt to introduce malicious code is squashed. It also takes plain-text data on the SoC and adds protection to it using encryption, authentication.
By implementing a hardware root of trust on the Pixel smartphones, Google ensures that unlock credentials are protected, along with disk encryption, app data, and the integrity of the operating system code itself. Titan M will help fight against malicious firmware implants and defend against installation of rootkits which could potentially give hackers privileged access to the information stored on the device. "Typically, secure boot relies on a combination of an authenticated boot firmware and boot loader along with digitally signed boot files to provide its security guarantees. In addition, a secure element can provide private key storage and management. Titan not only meets these expectations, but goes above and beyond to provide two important additional security properties: remediation and first-instruction integrity. Trust can be re-established through remediation in the event that bugs in Titan firmware are found and patched, and first-instruction integrity allows us to identify the earliest code that runs on each machine’s startup cycle," Google explains in a blogpost.
Even Google’s Titan Security Keys for physical login authentication deploy a similar hardware chip that includes firmware developed by Google helps to verify that the keys haven’t been tampered with. “The hardware chips are designed to resist physical attacks aimed at extracting firmware and secret key material,” says Google.