Earlier this year Google announced a product they were calling the Titan Security Key. You can think of it as a FIDO or Yubico security key but one that Google themselves developed. You can buy one of these right now, but they also created the Titan M chip and have embedded it into the Pixel 3.
The Titan Security Key Bundle is actually available right now for purchase but it will set you back $50. This is a lot to pay for considering they said they wanted to keep it cheap but the FIDO or Yubico security keys cost much less. However, Google claims their Titan Security Key bundle is a stronger way to protect your account. In fact, they even came out and said: “we have had no reported or confirmed account takeovers since implementing security keys at Google.”
So What is the Titan Security Bundle?
Again, you can think of this as a FIDO or Yubico security key. But not many people are aware of what those are in the first place. The goal of these security keys is to keep your account as safe and as secure as possible. You can think of it as a second lock that needs to be present even after you put your password in. We have seen a lot of security breaches online lately. Many people use the same password for multiple accounts and that can lead to an even worse circumstance.
I personally use LastPass to generate difficult and new passwords for everything I have to log into. But nothing is hack-proof and even LastPass could get hacked one day. However, if you’re using one of these Titan Security keys from Google (or a FIDO/Yubico key), then it doesn’t matter if some hacker knows your password. Naturally, it’s a good idea to change your password if something like this happens, but if you’re using two-factor authentication like this then you’re safe if they just know your password.
So, what does the Titan Security Key have to do with the Google Pixel 3? The company says they took the best features of the Titan Security key and put it into a chip. This chip is inside the Pixel 3 and the Pixel 3 XL and again, it’s goal is to keep your account as safe as possible. Google says that this chip, combined with monthly security updates, and Google Play Protect make these two smartphones the most secure they’ve ever released.
This hasn’t stopped us Android enthusiasts from unlocking the bootloader and gaining root access, but Google has never been adverse to that in the first place. They do, however, want to keep those who want a secure smartphone to rest assured knowing that they have the best Google has to offer in their latest flagship smartphones.
How Does the Titan M Chip Keep the Pixel 3 Secure?
Many smartphone OEMs keep their devices as secure as they can in different ways. Samsung has Knox and other companies have their own security protection in place as well. The Titan M Chip inside the Pixel 3 smartphones is a custom-built enterprise-grade security chip that will keep the most sensitive data on your device protected. The company needed to make this custom-built for a number of reasons with a main goal being very light on your battery.
Just like the Titan Security Keys are used as a layer of protection to keep your account save, the Titan M chip is a layer of security that will protect your hardware from certain exploits. Android’s monthly security updates have done a great job at keeping the software secure, but every now and then there’s a hardware exploit that allows people to break into the device.
Google spoke a little bit about how the Titan M chip will be keeping their latest smartphones secure. Since it is a dedicated chip that is completely separate from other security layers (like how ARM has TrustZone in their chipsets) it is able to keep isolated from various attacks. One of these attacks that the Titan M chip will excel at keeping the phone secure is from boot-time attacks.
Boot-time attacks are generally considered very dangerous because they gain control of a smartphone before other security layers are able to enforce their rules. These types of attacks to tend to be rare thanks to a feature called Verified Boot, but the Titan M chip ties into this feature to make it even more powerful. Verified Boot was put in place last year to check the integrity of the software running on your smartphone
Titan M Chip Prevents Fake Logins
If you give a hacker enough tries, they will eventually be able to brute force their way into any system with a username and password. So the Pixel 3’s Titan Security helps to eliminate this by limiting the number of login attempts someone is allowed to do. Not only that but the Titan M chip also has a direct electrical connection to the Pixel’s side buttons.
While this might not seem like a big deal, hackers have used fake button presses to make it seem like there’s a real person there trying to log into your account (instead of letting a script do all the work). This is really just the tip of the iceberg when it comes to how the Google Titan Security M chip can protect your data on the Pixel 3 and Pixel 3 XL.
Keeping Transactions Secure in 3rd-Party Apps
People are spending more and more money in applications and games these days. This means that if your smartphone is hacked then it can listen in and potentially steal the credit card or banking data when you make a transaction with an application. Again, this is another place where the Titan M chip helps out as it uses Android Pie’s StrongBox KeyStore APIs to generate and store their private keys inside the isolated chip.
Some applications rely on the interaction of a user in order to confirm a transaction. This is a convenient security layer but again, it can taken advantage of in rare cases. Android Pie also introduced a feature called Protected Confirmation so they know it’s a human who is there making that transaction. Titan M is also there to utilize this new API so that it can protect the most security-critical operations.
Resisting Insider Attacks
The last bit that Google touched on when they announced the Titan M chip was how it prevents tampering. This means the firmware on the Titan M chip will never be updated unless the person is able to input their PIN, pattern, or password. Again, Google doesn’t mind when the owner of the device tinkers with the hardware they paid hundreds of dollars for.
The goal here is to prevent hackers and thieves from gaining access to your data. There has been a number of ways to bypass the lock screen of a mobile device (we see this on iOS all the time) but the Titan M chip is there to prevent that. With this in place a user can’t bypass this lock screen and then update the firmware with malicious code.
Google will assuredly use this chip to add more features that keep their phones more secure. Just like the Pixel Visual Core that was included in the Pixel 2 and the Pixel 2 XL, I don’t see why Google won’t include this Titan M chip in all of their phones in the future. It hurts the reputation of Android when a new exploit or virus is talked about. So with monthly security updates to protect the software and the Titan Security platform to protect the hardware, Google can say their devices are as protected as they possibly can be.
This Doesn’t Mean the Pixel 3 is Hack Proof
Just because Google decided to put this chip inside their new phones doesn’t make it so they cannot be hacked. Yes, it increases the difficulty but it won’t make it unhackable. We will have to wait and see how much more secure the Titan M chip and the Titan Security platform does in the wild. Google can only hire so many people to test new security features so now that anyone can buy it some will make it a personal challenge to see if they can break into it.