Google Introduces Pixel Binary Transparency Feature to Verify Firmware Authenticity

Google has announced a new feature called Pixel Binary Transparency, allowing users to manually verify the authenticity of their Pixel firmware. This feature aims to combat software supply chain attacks, where software is compromised before reaching users.

In addition to the existing Android Verified Boot feature, which checks the source of firmware, Pixel Binary Transparency enables users to confirm if they are running a trusted version of Android on their Pixels. Google achieves this by generating a public cryptographic log containing metadata for factory firmware images. Pixel owners can then use this log to verify that their firmware comes directly from Google and has not been tampered with.

The Pixel maker states that the information in the log cannot be altered to match a tampered version of the software without detection. However, it is worth noting that most users will not need to utilize this feature, as Android Verified Boot already ensures the authenticity of the firmware.

Instructions for using the Pixel Binary Transparency feature can be found on this page, which requires connecting to the device via ADB (Android Debug Bridge). It is important to mention that this feature may not be available on smartphones from other brands at this time, as it is currently Pixel-exclusive. However, it would be interesting to see other manufacturers implement similar capabilities.

By introducing Pixel Binary Transparency, Google is taking another step to enhance the security of its devices and protect users against potential supply chain attacks.

link … Read More ...

Google Introduces Pixel Binary Transparency Feature to Verify Firmware Authenticity

Google has announced a new feature called Pixel Binary Transparency, allowing users to manually verify the authenticity of their Pixel firmware. This feature aims to combat software supply chain attacks, where software is compromised before reaching users.

In addition to the existing Android Verified Boot feature, which checks the source of firmware, Pixel Binary Transparency enables users to confirm if they are running a trusted version of Android on their Pixels. Google achieves this by generating a public cryptographic log containing metadata for factory firmware images. Pixel owners can then use this log to verify that their firmware comes directly from Google and has not been tampered with.

The Pixel maker states that the information in the log cannot be altered to match a tampered version of the software without detection. However, it is worth noting that most users will not need to utilize this feature, as Android Verified Boot already ensures the authenticity of the firmware.

Instructions for using the Pixel Binary Transparency feature can be found on this page, which requires connecting to the device via ADB (Android Debug Bridge). It is important to mention that this feature may not be available on smartphones from other brands at this time, as it is currently Pixel-exclusive. However, it would be interesting to see other manufacturers implement similar capabilities.

By introducing Pixel Binary Transparency, Google is taking another step to enhance the security of its devices and protect users against potential supply chain attacks.

link … Read More ...

Google Introduces Pixel Binary Transparency Feature to Verify Firmware

Google has introduced a new feature called Pixel Binary Transparency. The feature allows users to manually verify the firmware on their Pixel devices to ensure that it has not been hacked. This new feature is designed to combat software supply chain attacks, where the software is compromised before it reaches users.

Previously, Google offered the Android Verified Boot feature to check the authenticity of firmware from trusted sources. With Pixel Binary Transparency, users themselves can now verify that they are running a trusted version of Android. Google generates a public cryptographic log of metadata for factory firmware images, which Pixel owners can use to confirm the authenticity of their firmware.

According to Google, it is mathematically impossible to change the information in the log to match a tampered version of the software without detection. This provides an added layer of security for Pixel users.

It is important to note that most users will not need to use the Pixel Binary Transparency feature, as Android Verified Boot already ensures the authenticity of the firmware. However, Google has provided instructions for those interested in trying out the feature, which requires connecting the device via ADB.

While this feature is currently exclusive to Pixel devices, it would be interesting to see other manufacturers offering similar capabilities. This additional security measure helps protect users from potential supply chain attacks and ensures that they are running genuine firmware on their devices.

link … Read More ...