Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities
Dec 13, 2023
Mobile Communication / Firmware security
Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This comprises Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan), both of which are part of UndefinedBehaviorSanitizer ( UBSan ), a tool designed to catch various kinds of undefined behavior during program execution. "They are architecture agnostic, suitable for bare-metal deployment, and should be enabled in existing C/C++ code bases to mitigate unknown vulnerabilities," Ivan Lozano and Roger Piqueras Jover said in a Tuesday post. The development comes months after the tech giant said it's working with ecosystem partners to increase the security of firmware that interacts with Android, thereby making it difficult for threat actors to achieve remote code execution within the Wi-Fi SoC or the cellular baseband. IntSan and BoundSan are two of the compi