Keep Me Updated: An Empirical Study of Proprietary Vendor Blobs in Android Firmware

Elliott Wen, Jiaxing Shen, Burkhard Wuensche
2024-10-15
Abstract: Despite extensive security research on various Android components, such as kernel or runtime, little attention has been paid to the proprietary vendor blobs within Android firmware. In this paper, we conduct a large-scale empirical study to understand the update patterns and assess the security implications of vendor blobs. We specifically focus on GPU blobs because they are loaded into every process for displaying graphics user interfaces and can affect the entire system's security. We examine over 13,000 Android firmware releases between January 2018 and April 2024. Our results reveal that device manufacturers often neglect vendor blob updates. About 82% of firmware releases contain outdated GPU blobs (up to 1,281 days). A significant number of blobs also rely on obsolete LLVM core libraries released more than 15 years ago. To analyze their security implications, we develop a performant fuzzer that requires no physical access to mobile devices. We discover 289 security and behavioral bugs within the blobs. We also present a case study demonstrating how these vulnerabilities can be exploited via WebGL. This work underscores the critical security concerns associated with vulnerable vendor blobs and emphasizes the urgent need for timely updates from device manufacturers.
Software Engineering
What problem does this paper attempt to address?
### Problems the paper attempts to solve

This paper aims to address the update patterns of proprietary vendor binaries (vendor blobs) in Android firmware and their security implications. Specifically, the authors focus on GPU vendor blobs because these blobs are crucial to system security and are vulnerable to exploitation.

#### 1. Research background

Although a great deal of research has focused on the security of different components of the Android system (such as the kernel or runtime environment), few have paid attention to the proprietary vendor blobs in the firmware. These blobs are provided by device manufacturers and are located in a specific firmware partition (i.e., `/vendor`), providing necessary support for hardware components (such as GPUs, cameras, and fingerprint readers). Since they are closed-source and lack documentation support, they have received less attention.

#### 2. Research objectives

The main research objectives of this paper include:

- **Understanding the update patterns of vendor blobs**: Analyzing whether these blobs are updated in a timely manner and how often they are updated.
- **Identifying their vulnerabilities and evaluating security implications**: Through large-scale empirical research, discovering the security vulnerabilities in these blobs and evaluating their potential threats to the entire Android ecosystem.

#### 3. Specific problems

There are two reasons why the article specifically focuses on GPU vendor blobs:

1. **Importance for system security**: Every application loads GPU blobs into memory when rendering the graphical user interface (GUI), so they are crucial for system security.
2. **Vulnerability**: Many commonly used applications (such as Google Chrome and Firefox) or built-in UI components (such as WebKit) can accept arbitrary GPU task inputs and forward them to GPU blobs, which makes them vulnerable to attackers.

#### 4. Research methods

To achieve the above objectives, the authors developed an automatic analysis pipeline, GPUBlob-Inspector, which includes the following steps:

1. **Firmware collection and unpacking**: Collect Android firmware images from multiple device manufacturers and extract vendor blobs from them.
2. **Version identification**: Identify the version information of these blobs through build IDs, build numbers, and LLVM compiler versions.
3. **Offline fuzzing**: Develop a high-performance offline fuzzer that can perform fuzzing without physical access to mobile devices to identify potential security vulnerabilities.

#### 5. Research findings

Through large-scale data analysis of more than 13,000 Android firmware versions, the authors made the following key findings:

1. **Untimely updates**: Approximately 82% of firmware versions contain out-of-date GPU blobs, with an average expiration time of 273 days and a maximum of 1,128 days.
2. **Dependence on obsolete LLVM libraries**: Most GPU blobs depend on obsolete LLVM core libraries, and some even use the LLVM 2.8 version, which was released more than 15 years ago.
3. **Discovery of a large number of vulnerabilities**: 289 security vulnerabilities and abnormal behaviors were discovered through the offline fuzzer, which may lead to denial-of-service attacks or arbitrary code execution.

### Summary

This paper reveals the untimely updates of vendor blobs in Android firmware and the security risks they bring, emphasizing the urgency for device manufacturers to update these key components in a timely manner.
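
As an added illustration of the version-identification step described above (this is not code from the paper or from GPUBlob-Inspector), the following Python reads the GNU build ID note from an ELF shared object so that the same blob can be recognised across firmware releases. It assumes that "build ID" refers to the `NT_GNU_BUILD_ID` ELF note; `gnu_build_id`, `sample_blob` and the sample bytes are constructed for this example.

```python
import struct

PT_NOTE = 4            # program header type for note segments
NT_GNU_BUILD_ID = 3    # note type that carries the linker-generated build ID


def gnu_build_id(elf: bytes):
    """Return the GNU build ID of an ELF image as hex, or None if it has none."""
    if len(elf) < 0x34 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    e = "<" if elf[5] == 1 else ">"         # EI_DATA: 1 = little-endian
    if is64:
        phoff, = struct.unpack_from(e + "Q", elf, 0x20)
        phentsize, phnum = struct.unpack_from(e + "HH", elf, 0x36)
    else:
        phoff, = struct.unpack_from(e + "I", elf, 0x1C)
        phentsize, phnum = struct.unpack_from(e + "HH", elf, 0x2A)
    for i in range(phnum):
        ph = phoff + i * phentsize
        if is64:   # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz
            p_type, _, off, _, _, size = struct.unpack_from(e + "IIQQQQ", elf, ph)
        else:      # p_type, p_offset, p_vaddr, p_paddr, p_filesz
            p_type, off, _, _, size = struct.unpack_from(e + "IIIII", elf, ph)
        if p_type != PT_NOTE:
            continue
        pos, end = off, min(off + size, len(elf))
        while pos + 12 <= end:              # walk the notes in this segment
            namesz, descsz, ntype = struct.unpack_from(e + "III", elf, pos)
            name = elf[pos + 12: pos + 12 + namesz]
            desc_at = pos + 12 + ((namesz + 3) & ~3)   # name padded to 4 bytes
            if (ntype == NT_GNU_BUILD_ID and name == b"GNU\0"
                    and desc_at + descsz <= end):
                return elf[desc_at: desc_at + descsz].hex()
            pos = desc_at + ((descsz + 3) & ~3)
    return None


def sample_blob(build_id: bytes) -> bytes:
    """Constructed minimal ELF64 image with one PT_NOTE segment (not a real blob)."""
    note = struct.pack("<III", 4, len(build_id), NT_GNU_BUILD_ID) + b"GNU\0" + build_id
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 183, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 4, 120, 120, 120, len(note), len(note), 4)
    return ehdr + phdr + note


if __name__ == "__main__":
    print(gnu_build_id(sample_blob(bytes(range(20)))))
```

Comparing the value returned for a GPU library in two firmware releases shows whether the blob was rebuilt between them; mapping it to a release date requires a separate reference source.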