Google details Titan M custom security chip in Pixel 3
Now that the Google Pixel 3 is official, Google has continued to provide additional details about the custom silicon that it is implementing to help differentiate itself from the competition. In our analysis of the Made by Google event, we highlighted this as one of the areas that Google is starting to make real inroads. The new Titan M is built using the same type of technology that Google uses to secure its data servers, which makes it particularly robust.
The Titan M has been integrated into the boot process for the Pixel 3. It secures the bootloader and stores the last safe known version of Android. It prevents hackers from attempting to roll back the operating system to an older, potentially vulnerable version of the OS. It is also used to verify user lock screen passcodes and helps to limit logon attempts by random attackers. Only once a passcode is verified, will it permit decryption.
Google has also integrated Titan M into securing transactions through third-party apps. In Android 9 Pie, developers can use the StrongBox KeyStore APIs to store private keys in the Titan M chip. This is in addition to Google’s own Pay service. Google says the Pixel 3 is the first device to ship with this capability. It will work with apps that support e-voting and things like P2P money transfers to authenticate transactions.
Titan M also prevents device tampering from hackers (or even law enforcement), from bypassing the lock screen of the Pixel 3 in any attempt to update the firmware to decrypt the device and its contents. The firmware on the Titan M can only be updated with a successful passcode attempt. Google is also open sourcing the firmware so that the security community can audit the Titan M as well.
The Google Pixel 3 will officially go on sale in the US on October 18.