Google has been placing more and more of the responsibility for the security of its mobile devices on the shoulders of its Titan security chips, and now the company is backing up its confidence in those chips with a massive new bug bounty.
The Titan M chip is the custom processor Google designed specifically for its Pixel Android phones and it serves a number of different functions. Starting with the boot process, Titan M controls much of the security functionality in the devices. It stores the last known-good Android image in a secure enclave as a defense against privileged attackers trying to force the device back to a vulnerable version of the operating system. The Titan M also verifies the Pixel’s lock screen passcode and handles the decryption process once the passcode is verified. Third-party apps also can use Titan M to generate and store the private keys for transactions in those apps.
The Pixel devices have been part of the Android Security Rewards program since the Pixel 3’s debut, but Google has decided to increase the top reward for researchers who find significant vulnerabilities in the Titan M to a full $1 million. Getting hold of that reward won’t be easy, however. It requires a researcher to demonstrate a complete remote code execution exploit chain against the Titan M chip, which is no mean feat.
“We are introducing a top prize of $1 million for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices. Additionally, we will be launching a specific program offering a 50% bonus for exploits found on specific developer preview versions of Android, meaning our top prize is now $1.5 million,” Jessica Lin of the Android security team said.
The Titan M bounty applies to the Google phones that have the chip, which include the Pixel 3 and 3 XL, 3a and 3a XL, and 4.
Google, like Apple, has gradually shifted the bulk of the security features and operations of its mobile devices into hardware and away from software as attacks against the mobile operating systems have grown more sophisticated over the years. In modern iPhones, the Secure Enclave serves many of the same functions as the Titan M chip, along with several others. The Secure Enclave is essentially a separate computer running inside the iPhone that boots on its own and has its own software that the primary iOS doesn’t can’t access. It stores encryption keys, including the key used to encrypt and decrypt the biometric identifiers used on the device, whether it’s a fingerprint or Face ID images. Not only are keys for individual apps kept in the secure enclave, they’re also created inside the processor.
“When you store a private key in the Secure Enclave, you never actually handle the key, making it difficult for the key to become compromised. Instead, you instruct the Secure Enclave to create the key, securely store it, and perform operations with it. You receive only the output of these operations, such as encrypted data or a cryptographic signature verification outcome,” Apple’s documentation says.
The shift toward hardware for sensitive security operations in mobile devices is a reflection of the relative difficulty of finding and exploiting damaging vulnerabilities in each. The software attack surface in a modern mobile device is quite large, comprising the operating system, the pre-installed apps, and all of the third-party apps users install. The hardware attack surface is generally smaller and more difficult to reach. Google’s willingness to put a $1 million bounty on the table for a full remote exploit chain affecting the Titan M chip is a clear indicator of how much confidence the company has in the processor and its security.