TLDR:
- Google revealed Kernel Address Sanitizer (KASan) to strengthen Android firmware and beyond.
- KASan helps identify memory corruption vulnerabilities and stability issues before deployment on user devices.
Android devices are popular targets for hackers due to the platform’s widespread use and open-source nature. With over 2.5 billion active Android devices globally, the platform presents a significant attack surface. Google introduced Kernel Address Sanitizer (KASan) to address these vulnerabilities and enhance the security of Android firmware and beyond.

KASan has broad applicability across firmware targets, allowing for the proactive identification of memory corruption vulnerabilities and stability issues before deployment on user devices. This tool has already led to the discovery and remediation of over 40 memory safety bugs in Google’s firmware targets.

KASan’s core idea is to instrument memory access operations to verify the validity of destination/source regions, thereby preventing access to invalid regions and reporting violations. Enabling KASan for bare-metal targets involves implementing instrumentation routines, managing shadow memory to track covered regions, and ensuring custom KASan runtime implementations are in place. Additionally, leveraging Rust, a memory-safe language, can further enhance security measures in the Android system.
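To make the shadow-memory idea concrete, here is a small added model of a bare-metal KASan-style runtime; it is not Google's code and does not come from the page. It assumes the common encoding in which one shadow byte covers an 8-byte granule (0 = fully addressable, 1..7 = only the first n bytes addressable, negative = poisoned), and the function names and the constructed memory pool are illustrative.

```c
// Minimal shadow-memory model of a bare-metal KASan runtime (illustrative, not Google's code).
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define KASAN_SHADOW_SCALE 8                  /* one shadow byte per 8-byte granule */
#define POOL_SIZE 256                         /* constructed memory region under KASan coverage */
#define SHADOW_SIZE (POOL_SIZE / KASAN_SHADOW_SCALE)

static _Alignas(8) uint8_t pool[POOL_SIZE];   /* the "covered" memory */
static int8_t shadow[SHADOW_SIZE];            /* 0 ok, 1..7 partial granule, <0 poisoned */
static int violations;                        /* how many bad accesses were reported */

static int8_t *shadow_for(const void *addr) {
    return &shadow[((uintptr_t)addr - (uintptr_t)pool) / KASAN_SHADOW_SCALE];
}

/* Is the single byte at p addressable according to its shadow byte? */
static int byte_ok(const uint8_t *p) {
    if ((uintptr_t)p < (uintptr_t)pool || (uintptr_t)p >= (uintptr_t)pool + POOL_SIZE) return 0;
    int8_t s = *shadow_for(p);
    if (s == 0) return 1;                     /* whole granule addressable */
    if (s < 0) return 0;                      /* poisoned: redzone or freed */
    return ((uintptr_t)p & (KASAN_SHADOW_SCALE - 1)) < (uintptr_t)s; /* partial granule */
}

/* The check that compiler-inserted instrumentation calls before each load/store.
 * Returns 1 if the whole [addr, addr+size) range is valid, else reports and returns 0. */
int kasan_check(const void *addr, size_t size) {
    for (size_t i = 0; i < size; i++) {
        if (!byte_ok((const uint8_t *)addr + i)) {
            violations++;
            printf("KASan: invalid %zu-byte access at %p\n", size, (void *)addr);
            return 0;
        }
    }
    return 1;
}

void kasan_poison_all(void) { memset(shadow, -1, sizeof shadow); }  /* everything is a redzone */

/* Allocate `size` bytes at `offset` in the pool: unpoison full granules, mark a partial tail. */
void *kasan_alloc(size_t offset, size_t size) {
    uint8_t *p = pool + offset;
    size_t full = size / KASAN_SHADOW_SCALE, rem = size % KASAN_SHADOW_SCALE;
    memset(shadow_for(p), 0, full);
    if (rem) shadow_for(p)[full] = (int8_t)rem;
    return p;
}

/* Free: re-poison the granules so a later use-after-free is caught. */
void kasan_free(void *p, size_t size) {
    memset(shadow_for(p), -2, (size + KASAN_SHADOW_SCALE - 1) / KASAN_SHADOW_SCALE);
}

int kasan_violations(void) { return violations; }
```

A 12-byte allocation passes checks inside its bounds, while a read one byte past the end, a 13-byte read, and any access after kasan_free() are each reported as violations.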