Google has announced a new security feature for Pixel devices. Called Pixel Binary Transparency, the feature doesn’t improve the security of the devices but gives users a way to verify that their Pixel isn’t compromised or hacked. It’s available for Pixel 6 and newer models, including the Pixel Tablet and Pixel Fold.
Android smartphones, including Pixels, pass through various supply chain processes before reaching consumers. Along with the Android OS, these devices come with add-ons from manufacturers and carriers. You’ll also find many third-party apps and services, as well as open-source libraries and code, on your phone out of the box.
Devices are at risk of being compromised at any of these stages. While there are measures in place to ensure a safe and secure passage through the supply chain, bad actors can still exploit these processes and insert malware into the devices. If the malware is not detected early, consumers will unbox infected devices, with their security compromised from the get-go.
As pointed out by Google in a recent blog post, these supply chain attacks target “the systems that create software to install a backdoor into the code, allowing attackers to access and steal customer data.” On Pixel devices, the company counters such attacks by auditing the firmware, also known as the factory image, before release. It thoroughly checks the software for backdoors.
Once the phone reaches a consumer and is turned on for the first time, Android Verified Boot runs a check to ensure that it is running the same audited code released by Google. This eliminates the risk of supply chain attacks. But consumers still have no way to verify all of this themselves. Well, not until the company introduced the Pixel Binary Transparency feature.
Pixel Binary Transparency lets users check for supply chain attacks
Pixel Binary Transparency uses a public, cryptographic log to check for supply chain attacks. The log records metadata about official factory images of new Pixel phones. The feature lets users manually verify that their Pixel came out of the box running the same firmware build that the log records.
According to Google, this log is append-only. In simpler terms, it accepts new entries, but no one can ever change or delete an existing entry. This makes it impossible for supply chain attacks to pass through without detection. Even if bad actors alter the factory image on the device, they can’t alter the metadata Google added to the log. The company has shared technical details of this feature here.
2023-08-21 15:05:53