Your smartphone has a special security chip. That's how it works



Google's new Pixel 3 phones have a "Titan M" security chip. Apple has something similar with the "Secure Enclave" in its iPhones. Samsung's Galaxy phones and other Android phones often use ARM's TrustZone technology. Here is how these chips protect your phone.

The Basics

These chips are essentially small, separate computers inside your phone: they have their own processor and memory, and they run their own small operating system.

Your phone's normal operating system and the applications running on it cannot see into the secure area. This protects the secure area from tampering and lets it perform a variety of useful tasks.

It's a Separate Processor

The Secure Enclave is part of Apple's A-series system-on-a-chip. All of these chips work in slightly different ways. In Google's new Pixel phones, Titan M is a physical chip separate from the phone's normal CPU.

Apple's Secure Enclave and ARM's TrustZone are technically not separate chips: each is an isolated processor built into the device's main system-on-a-chip. Although it is built in, it still has its own processor and its own memory area. Think of it as a chip inside the main chip. Either way, whether Titan M, Secure Enclave or TrustZone, the secure element is a separate "coprocessor". It has its own dedicated storage area and runs its own operating system, and it is completely isolated from everything else.

In other words, even if your entire Android or iOS operating system were compromised by malware that could access everything else on the phone, that malware could not access the contents of the secure area.

RELATED: What is Apple's "Secure Enclave", and how does it protect my iPhone or Mac?

How it protects your phone

Apple's Secure Enclave holds the keys that protect your Face ID biometric data.

The data on your phone is stored encrypted on its storage. The key that unlocks that data is kept in the secure area. When you unlock your phone with a PIN, password, Face ID or Touch ID, the processor in the secure area authenticates you and then uses your key to decrypt your data in memory.

This encryption key never leaves the secure chip. If an attacker tries to get in by guessing many PINs or passwords, the secure chip can slow them down by forcing a delay between attempts. Even if that attacker had compromised the device's main operating system, the secure chip would still limit their attempts to access your keys.

On an iPhone or iPad, the Secure Enclave stores the encryption keys that protect your face (Face ID) and fingerprint (Touch ID) data. Even someone who has stolen your phone and compromised the main iOS operating system cannot read your fingerprint information.

Google's Titan M chip can also protect sensitive transactions in Android apps. Apps can use Android 9's new "StrongBox KeyStore API" to generate and store their own private keys in Titan M. Google Pay will be testing this soon. It could also be used for other kinds of sensitive transactions, from voting to money transfers.
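As an added illustration, not code from the article or from Google, here is how an Android app can ask the Android Keystore for a StrongBox-backed AES key (Titan M on a Pixel 3) and fall back to the TEE-backed keystore, such as TrustZone, when the device reports that StrongBox is unavailable. The class name `StrongBoxKeys` and the key alias are assumptions; the API calls are the public Android 9+ Keystore APIs.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import android.security.keystore.StrongBoxUnavailableException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;

/** Hypothetical helper: generates an AES key that lives inside the secure chip. */
public final class StrongBoxKeys {
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";

    /** Returns a key that is usable for AES-GCM but whose key material never leaves secure hardware. */
    public static SecretKey generateAesKey(String alias) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE);
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(
                alias, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setKeySize(256);
        try {
            // Request the dedicated secure element (StrongBox, i.e. Titan M on Pixel 3).
            kg.init(builder.setIsStrongBoxBacked(true).build());
            return kg.generateKey();
        } catch (StrongBoxUnavailableException e) {
            // No StrongBox on this device: fall back to the TEE-backed keystore (e.g. TrustZone).
            kg.init(builder.setIsStrongBoxBacked(false).build());
            return kg.generateKey();
        }
    }

    /** Checks whether the key material is held in secure hardware rather than in the app's process. */
    public static boolean isHardwareBacked(SecretKey key) throws Exception {
        SecretKeyFactory factory = SecretKeyFactory.getInstance(key.getAlgorithm(), ANDROID_KEYSTORE);
        KeyInfo info = (KeyInfo) factory.getKeySpec(key, KeyInfo.class);
        // On Android 12+ KeyInfo.getSecurityLevel() additionally distinguishes StrongBox from the TEE.
        return info.isInsideSecureHardware();
    }
}
```

The app only ever receives a handle to the key: encrypt and decrypt calls are routed into the secure chip, so the page's point that the key "never leaves" the security chip holds even if the app process itself is compromised.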

iPhones work similarly. Apple Pay uses the Secure Enclave so that your payment card details are stored and transmitted securely. Apps on an iPhone can also store their keys in the Secure Enclave for extra protection. The Secure Enclave verifies that its own software is signed by Apple before booting, so it cannot be replaced with modified software.

ARM's TrustZone works very much like the Secure Enclave. It uses a secure area of the main processor to run critical software, and security keys can be stored there. Samsung's KNOX security software runs inside ARM TrustZone and is therefore isolated from the rest of the system. Samsung Pay also uses ARM TrustZone to handle payment card information securely.

On the new Pixel phones, the Titan M chip also secures the bootloader. When you start your phone, Titan M makes sure you are running the "last known safe Android version". Anyone with access to your phone cannot downgrade it to an older version of Android with known security vulnerabilities. And the firmware on Titan M cannot be updated unless you enter your passcode, so an attacker cannot even install a malicious replacement for the Titan M firmware.

Why your phone needs a secure processor

Samsung Pay uses ARM TrustZone and Samsung KNOX.

Without a secure processor and isolated storage, your device is much more vulnerable. The secure chip isolates critical data such as encryption keys and payment information, so even if your device is compromised, malware cannot access that information.

The secure area also throttles access to your device. Even if someone has your device and replaces its operating system with a compromised one, the secure chip will not let them guess millions of PINs or passwords per second. This slows them down and locks them out of your device.

If you use a mobile wallet such as Apple Pay, Samsung Pay or Google Pay, your payment details can be stored securely, so that no malicious software running on your device can access them.

Google is also doing some interesting new things with the Titan M chip, such as authenticating your bootloader and ensuring that no attacker can downgrade your operating system or replace your Titan M firmware.

Also, Spectre-style attacks, which let an application read memory that does not belong to it, would not be able to crack these chips, because the chips use memory that is completely separate from main system memory.

It protects your phone in the background

No smartphone user really needs to know anything about this hardware, but it should make you feel more secure if you store sensitive data such as credit cards and online banking details on your phone.

This is just a cool technology that works silently to protect your phone and your data. Many smart people invest a lot of time in securing modern smartphones against all possible attacks, and a lot of work goes into making this security so effortless that you do not even have to think about it.

Image credits: Google, Poravute Siriphiroon / Shutterstock.com, Hadrian / Shutterstock.com, Samsung
