-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, Jul 09, 2017 at 05:00:26PM +0200, deloptes wrote:
[...] > As for some conspiracy chips with embedded rom .... if you have basic > engineering knowledge you could easily identify all of it and to my > knowledge it is not trivial to embed such a chip into a mass product, > especially a mobile phone. If you want some fascinating reading, see [1] [2]: a researcher from Google's Zero Day project found out bugs in the firmware of a widespread Broadcomm SoC (used in many well-known smartphones). Specifically some buffer overflows in the WiFi subsystem (a processor on its own, with its own firmware, but sharing the main processor's RAM, it seems). He could produce a proof-of-concept exploit in which prepared WiFi packets could first take over the WiFi processor, then from there the main processor. No user interaction needed: just the WiFi has to be listening. No need for the bad guys to shoehorn a spy processor on your machine. There are enough already in there (Intel's ME, disk controllers, what not) with enough vulnerabilities ready to do the NSA's bidding (or FSB, or whoever is your favourite enemy these days). Cheers, indeed :-) [1] https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html [2] https://googleprojectzero.blogspot.de/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html - -- t -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlliTzYACgkQBcgs9XrR2kYb9wCbBSmZr1cZHcrC0abG34LjDcvr qcQAn0LeCfpNuRNsAiBW2JckR/i6bws/ =6oWQ -----END PGP SIGNATURE-----