Android 14 adds a new experimental feature called Advanced Memory Protection that can protect against memory security bugs on compatible devices.
Memory safety has been a priority for Google lately, as memory security bugs tend to be some of the most critical errors in software development. In fact, memory vulnerabilities were responsible for the majority of Android’s severe vulnerabilities until 2022, which is when Google wrote a large portion of its new native Android code in the Rust programming language instead of C/C++. Google is working to support other means to mitigate Android’s memory security vulnerabilities, one of which is called memory tagging. On supported devices running Android 14, there will be a new “Advanced memory protection” setting that will toggle this feature.
Memory Tagging Extension (MTE) is a mandatory hardware feature for Arm v9 CPUs that protects against memory security errors (with a slight runtime performance cost) by providing detailed information about memory violations. As Google explainsAt a high level, the MTE tag marks each memory allocation/deallocation with additional metadata. It assigns a tag to a memory location, which can then be bound to pointers pointing to that memory location. At runtime, the CPU checks Match the index and metadata tags on every load and store.”
Google is working to support MTE across the Android software suite for several versions now. In Android 12, scudo, the Android heap customizer, added support for three MTE run modes on compatible devices: synchronous mode, asynchronous mode, and asymmetric mode. Google has also made it possible to enable MTE for system processes at build time or through system properties and/or environment variables. Applications can subscribe to MTE support through Android: memtagMode Describe. When MTE is enabled for processes in Android, entire categories of memory integrity errors like use-after-free and buffer overflows trigger a crash instead of silent memory corruption.
In Android 13, Google added a userspace ABI to connect the required MTE boot mode to the bootloader. This can be used to enable MTE on compatible devices with which it is not enabled by default, or alternatively it can be used to disable it on compatible devices with which it is enabled by default. Setting the ro.arm64.memtag.bootctl_supported system property to true in Android 13 will tell the system that the bootloader supports the ABI and also trigger a button that appears in the developer options menu that allowed the user to enable MTE on the next reboot. This was aimed at developers who wanted to test the behavior of their applications with MTE enabled.
In Android 14, though, enabling MTE on compatible devices no longer requires diving into developer options. If the device has an Arm v8.5 + CPU with MTE support, the device implementation supports ABI to connect the required MTE boot mode to the bootloader, and the new system property ‘ro.arm64.memtag.bootctl_settings_toggle’ is set to true, the ” New Advanced Memory Protection” in Settings > Security & privacy > More security settings. This page can also be launched through the new one ACTION_ADVANCED_MEMORY_PROTECTION_SETTINGS action intent.
Notably, the Tensor G2 chipset in the Google Pixel 7 The series uses Arm v8.2 CPU cores, thus it does not support MTE. If the upcoming Google Pixel 8 series uses new Arm v9 CPU cores like many other Android flagships, it will have MTE capable hardware.
Thanks for the security researcher @tweet To help them in this article!
[ad_2]
