Tuesday, January 7, 2025

Google’s Online Safety Blog: Google & Arm?

Who cares about GPUs?

What interconnectedness we share: you, me, and the entire ecological framework that supports us? GPUs (Graphics Processing Units) play a crucial role in rendering high-quality visual effects on mobile devices. Notwithstanding, the GPU software programme and firmware stack has evolved into a means by which attackers can obtain elevated privileges and entitlements, thereby achieving privilege escalation on Android-based devices. The shift in the semiconductor industry will likely have a profound impact on leading GPU manufacturers, including AMD, NVIDIA, and others, potentially altering their strategies and product offerings. The majority of GPU vulnerabilities that can be exploited lie within the kernel mode modules used to implement the GPU’s functionality. These modules are units of code that dynamically load and unload at runtime, enhancing performance without requiring a system reboot.

Proactive testing is a crucial aspect of software hygiene, enabling the early identification and remediation of potential vulnerabilities before they can be exploited by attackers. One of the most challenging aspects of conducting this investigation is that you cannot anticipate where the vulnerability may arise, which is precisely the point. Through a collaborative effort between Google’s engineering expertise, intellectual property holders, and original equipment manufacturers (OEMs), we will preserve the robust integrity of the Android ecosystem.

Why examine GPUs?

Due to their immense processing power and specialized architecture, GPUs have become a prime target for researchers seeking to identify and exploit vulnerabilities.

  1. Who wants to use a slow and uncooperative device? Any hit to GPU performance can significantly degrade the user’s experience. As such, the GPU software program stack in Android depends on an the place the API & consumer house drivers speaking with the GPU kernel mode module are operating immediately throughout the context of apps, thus avoiding IPC (interprocess communication). This potentially allows unverified and untrusted code from third-party apps to gain immediate access to the interface exposed by the GPU kernel module, thereby compromising system security and integrity. If weaknesses exist within the module, a third-party application may exploit them. Given the inherent risks associated with unauthorised access to the kernel module, it’s crucial that any attempt to interact with the GPU kernel module must be thoroughly vetted and validated through a trusted and secure interface, thereby preventing exploitation of potential vulnerabilities and ensuring the integrity of the system.

  2. As a result, the development of GPU subsystems, including kernel modules, by primary original equipment manufacturers (OEMs), has become increasingly convoluted. Kernel modules for many GPUs are typically implemented in memory-unsafe programming languages, such as C, which are susceptible to memory corruption vulnerabilities, including buffer overflows.

Can someone take action on this matter?

What do you mean by “already got”? Who’s we? What’s the mission behind this team? The Android Purple Workforce and Arm! – a cryptic name that begs for clarity. Can we decipher its purpose? Let’s dive into the world of machine learning with a comprehensive overview of our collaborative effort to harness the power of the Mali GPU.

The Android Purple Workforce carries out expedited security evaluations on every point of the Android open-source codebase, as well as regular security audits and assessments of internal Android components. Throughout these collaborations, the Android Purple Workforce frequently partners with third-party software and hardware suppliers to scrutinize proprietary and “closed-source” code repositories, as well as relevant supply code, to identify potential security risks and vulnerabilities that could be leveraged by external actors before they can be exploited by adversaries targeting Android. In 2022, the Android Purple Team partnered directly with their industry ally, Arm, to undertake a comprehensive Mali GPU security assessment, ultimately securing tens of thousands of Android devices worldwide.

The Company’s central product safety team ensures uniformity and adherence to its comprehensive corporate safety strategy across all divisions. With dedicated product safety specialists integrated within their engineering teams. Armed with a scientific strategy, Arm proactively works to identify, uncover, and eliminate safety vulnerabilities before they cause harm. This solution encompasses a comprehensive Safety Improvement Lifecycle (SDL), incorporates proactive Monitoring capabilities, and swiftly responds to Incidents with an effective Response mechanism. The Android Purple Group’s collaborative efforts have been bolstered by a team of embedded safety experts, predominantly situated within Arm’s Graphics Processing Unit (GPU) engineering division.

Collaborative efforts yield tangible results in securing Android devices?

Google’s Android Security teams have collaborated with Arm for a considerable period of time. While safety protocols may evolve over time, ensuring regulatory compliance remains a constant challenge for all GPU suppliers. Through collaborative efforts, the Android Purple Workforce and Arm have successfully accelerated detection and decision-making processes by consistently sharing their collective expertise. In-depth examinations of identified weaknesses, viable mitigation strategies, and security bolstering techniques guided meticulous assessments and the execution of solutions applicable to the context.

The latest analysis has focused specifically on the Mali GPU, given its prominence as the go-to choice for Android devices in today’s market. Collaborating on GPU safety has enabled our team to effectively address and mitigate potential risks associated with graphics processing unit usage.

  1. The Arm Mali GPU is a ubiquitous component, commonly found in many mass-produced consumer devices, particularly those manufactured by original equipment manufacturers (OEMs). By leveraging their expertise with the Arm Mali GPU, the Android Purple Workforce can comprehensively evaluate the security of a GPU implementation utilized by millions of Android devices globally.
  2. Manufacturers of telephones frequently adapt and tailor the underlying architecture of Graphics Processing Units (GPUs). This optimization tunes the Graphics Processing Unit (GPU) specifically for a manufacturer’s unique device(s). The process of implementing these modifications and enhancements is often challenging and may inadvertently introduce unforeseen safety vulnerabilities not present in the original, unmodified GPU upstream architecture. On this instance, Google’s Pixel team collaborated closely with the Android Open Source Development team to thoroughly review and secure the changes made for Pixel devices.

Enhancements

Following investigations, critical advancements have been made to bolster the security of the GPU software and firmware framework across a substantial segment of the Android landscape.

Testing the kernel driver

The fundamental component of a GPU system’s architecture is its kernel-mode driver. During this collaboration, the Android Purple Workforce and Arm jointly dedicated substantial resources to developing the Mali kbase kernel driver. Because of its inherent intricacy, fuzzing was selected as the initial testing approach in this context. Fuzzing enables automated and scalable vulnerability discovery, surpassing the limitations of manual approaches. With assistance from Arm, the Android Purple Team augmented the syzkaller fuzzing descriptions to align with the latest Mali kbase driver enhancements.

The team implemented limited modifications to enable fuzz testing of the Mali kbase driver in a cloud-based environment without requiring physical hardware. This innovation significantly enhanced the speed and capacity of fuzzing technology. With the assistance of the Pixel staff, we were able to set up fuzzing on specific Pixel devices. Through a combination of cloud-based fuzzing, pixel-based fuzzing, and comprehensive manual analysis, we were able to identify two memory corruption vulnerabilities in Pixel’s customized driver code (CVE-2023-48409 and CVE-2023-48421).

The GPU pixel handle buffer liveness update ioctl performs each point occurrence, undertaken by the Pixel team as part of customized gadget-specific personalization. The following are each reminiscence points attributed to integer overflow issues. If leveraged with deliberate attention and combined with other vulnerabilities, this combination could potentially lead to kernel-level privilege escalation from a consumer’s home network? The patches for each issue were promptly deployed and disseminated to all impacted devices on.

Testing the firmware

Firmware is another fundamental building block of the GPU subsystem. The software that mediates between kernel drivers and GPU hardware. In many situations, firmware performance is not readily accessible from the application. So “utility → kernel → firmware → kernel” is an identified assault move within this domain. Typically, firmware operates on embedded microcontrollers characterised by limited resources. Typically employed safety kernel mitigation strategies (ASLR, stack protection, heap safety, and similar sanitizers) are not applicable to firmware due to resource limitations and performance considerations. By isolating and securing the firmware, compromise can potentially become a more manageable risk in certain situations, as compared to directly compromising kernel drivers from the manufacturer’s source code. The Android Purple Workforce collaborated with Arm to conduct a comprehensive validation process, comprising fuzz testing, formal verification, and manual review, to ensure the integrity of the current firmware. The discovery and subsequent patching of CVE-2024-0153, a vulnerability with a multi-faceted approach that required swift action, ultimately resulted in a patch release during ?

CVE-2024-0153 arises when GPU firmware mishandles specific direction instructions. During the processing of such commands, the firmware transfers the register’s contents to a temporary storage area, known as a buffer. Dimensions are verified prior to the copying process taking place. Despite specific circumstances, an uncontrolled out-of-bounds write to the destination buffer ensues, triggering a buffer overflow consequence. Carefully crafted manipulation of this overflow can result in another crucial building’s data being overwritten, thereby triggering code execution directly within the GPU’s firmware.

The intricacies surrounding the achievement of exploiting this challenge necessitate a profound comprehension of direction execution mechanisms. With combined expertise, the Android Purple Workforce and Arm collaborated to verify the exploit pathway and capitalize on the vulnerability, ultimately achieving limited control over GPU firmware. The process ultimately returned to its core functionality to secure elevated access. The arm did a commendable job in responding promptly and effectively addressing the issue. Ultimately, this underscores the dynamic synergy that emerges when distinct teams come together to explore new depths.

Time to Patch

Attackers are exploiting GPU vulnerabilities in the wild, emphasizing the urgency to promptly patch vulnerabilities and minimize the risk of exploitation to safeguard customer data. Due to this collaboration, nine comprehensive Safety Test suite assessments were developed to enable partners to automatically verify their builds for missing Mali kbase patches. Google’s Suite offers a software program that enables companions to streamline the process of verifying their builds against missing security patches.

What’s Subsequent?

The Arm Product Safety Workforce is deeply engaged within the security-conscious industry ecosystems, fostering close collaborations with its partner organizations. The collaboration with the Android Purple Workforce serves as a prime example of how enablement strategies can drive the adoption of best practices and ultimately foster product excellence. Arm enhances its comprehensive product safety approach by introducing a bug bounty initiative to further strengthen its assurance capabilities. The proposed funding aims to enhance Arm’s capabilities in identifying potential vulnerabilities, thereby fortifying its security posture. To learn more about Arm’s product safety initiatives, visit our website at [insert URL].

Android and Arm collaborate to drive proactive advancements in GPU security. To ensure seamless user experiences, our team is rigorously testing, swiftly addressing issues, and implementing security enhancements to elevate the Android ecosystem’s overall stability. Android’s purple workforce seems poised to replicate its successful partnership model with various ecosystem partners to enhance device security.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles