- Google has discussed its new Titan M security chip found in its soon-to-be-released Pixel 3 phones.
- The custom chip is designed to add an extra layer of protection to the Pixel 3 to keep your device and data safe.
- It makes hijacking or tampering with a Pixel 3 more difficult with several smart systems
Google says the Pixel 3 is its most secure phone yet and it’s thanks to a new chip, the Titan M. The Mountain View company detailed its custom-built chip in a blog post yesterday, outlining three key ways in which the chip aids the Pixel 3’s security.
The first of these relates to the bootloader. The Titan M works in conjunction with its Verified Boot system as an extra layer of defense against hackers and other attacks. This helps ensure that the version of Android booted up on the device is safe and hasn’t been tampered with or rolled back to a previous, less secure version.
It’s also said to prevent hackers unlocking the bootloader, but what that means for device owners wanting to unlock their bootloader intentionally, we don’t yet know (I expect this will still be possible, though).
Google Pixel 3: Where to buy, when, and how much (Update: General sales begin)
Google announced the Google Pixel 3 and Google Pixel 3 XL in New York City on October 9. Although numerous leaks over the past few months told us pretty much everything we needed to know …
The Titan M also integrates with the Pixel 3’s lock screen passcodes, limiting how many login attempts can be made. This should make it more difficult for people to spam password combinations to gain access to another person’s device, but Google doesn’t explain exactly why the Titan M is necessary for limiting these login attempts. Android already has systems in place to dissuade false login attempts, like locking you out of the handset if you fail a few in quick succession. Seemingly, the Titan M offers a more sophisticated version of this, but to what extent we can’t say.
Additionally, the chip’s secure flash and fully independent computation make it more difficult for hackers to decrypt your data.
Google has also tackled transaction security in third-party apps with the Titan M. The chip supports Android Pie’s StrongBox KeyStore and Protected Confirmation APIs to store private keys and ensure real users are confirming transactions (not malware bots).
Finally, the Titan M is also built on Android’s Insider Attack Resistance security module, said to make it harder to bypass the lock screen and tamper with the firmware.
These all sound like positive moves, but there are some interesting implications. One is that the Android itself isn’t completely secure, as it benefits from additional hardware protection. However, this could perhaps be said of all major software platforms, and hardware security systems are becoming more common as an extra defence.
The other implication relates to Android OEMs. For much of Android’s security systems, third-party manufacturers are at Google’s mercy. Android may be a comparatively secure ecosystem, but with Google adopting — and by proxy, advocating — security chips, other companies might feel obligated to follow suit. This could be good news for Android fans, but it could also inflate prices.
Up next: Google Pixel 3 and Pixel 3 XL review
October 18, 2018 at 09:51AM