News Categories

This is how Google's Titan M security chip on the Pixel 3 works

By Koh Wanzi - on 18 Oct 2018, 3:17pm

This is how Google's Titan M security chip on the Pixel 3 works

Google says the Pixel 3 phones are its most secure yet, thanks to the custom Titan M security chip. But how exactly does the chip make your phone safer? Google's now posted an explainer answering these questions. To put things simply, the chip both safeguards sensitive information and watches over what's happening on your phone, which helps protect you from suspicious activity. 

First off, the Titan M chip is integrated into Verified Boot, Android's secure boot process. The bootloader is a program that validates and loads Android when the phone turns on, and Titan M helps it make sure that you're running the correct version of Android. It stores the last known safe version of Android and prevents malicious actors from rolling your device back to an older, potentially vulnerable version. In addition, it prevents attackers running in Android from unlocking the bootloader.

On top of that, Titan M verifies your lock screen passcode. It makes it harder for brute force attacks to guess your password by limiting the number of log-in attempts. Your passcode needs to be successfully verified before Titan M will allow for decryption. 

Furthermore, the chip has its own secure flash and operates fully independently, so it's more difficult for attackers to tamper with it.

However, Titan M doesn't just protect Android. It can also safeguard third-party apps and sensitive transactions. Android Pie allows apps to take advantage of Google's StrongBox KeyStore APIs to generate and store their private keys in Titan M, something the Google Pay team is currently testing to secure its own transactions. 

Some apps also require user interaction to confirm a transaction. In cases like that, Titan M enables Android 9 Protected Confirmation, an API that helps ensure that it was really you who authorized the transaction. This could come in especially handy in things like peer-to-peer money transfers.

Finally, Titan M was built with insider attack resistance, which means its firmware will never be updated unless you entered your passcode. In other words, an attacker won't be able to bypass your lockscreen to update the firmware to a malicious version.

Source: Google

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.