Did they get PAID!! ? 'cause those devices are VERY EXPENSIVE!!!

Best Regards | Cordiales Saludos | Grato,

Andrés L. Pacheco Sanfuentes
<[email protected]>
+1 (817) 271-9619

On Wed, Mar 12, 2014 at 4:15 PM, John Sullivan <[email protected]> wrote:

> (Sharing this from
> <https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor>.)
>
> # Replicant developers find and close Samsung Galaxy backdoor
>
> *This is a guest post by [Replicant](http://replicant.us) developer Paul
> Kocialkowski. The Free Software Foundation supports Replicant through its
> Working Together for Free Software fund. [Your
> donations](https://crm.fsf.org/civicrm/contribute/transact?reset=1&id=19)
> to Replicant support this important work.*
>
> Today's phones come with two separate processors: one is a
> general-purpose applications processor that runs e.g. Android; the
> other, known as the modem, baseband or radio, is in charge of
> communications with the mobile telephony network. This processor
> always runs a proprietary operating system, and these systems are
> known to have back-doors that make it possible to remotely convert the
> modem into a remote spying device. The spying can be operated using
> the device's microphone, but it could also use the precise GPS
> location of the device and access the camera, as well as the user data
> stored on the phone. Moreover, modems are connected most of the time
> to the operator's network, making the back-doors nearly always
> accessible.
>
> It is possible to build a device that isolates the modem from the rest
> of the phone, so it can't mess with the main processor or access other
> components such as the camera or the GPS. Very few devices offer such
> guarantees. In most devices, for all we know, the modem may have total
> control over the applications processor and the system, but that's
> nothing new.
>
> While working on [Replicant](http://replicant.us), a fully free/libre
> version of Android, we discovered that the proprietary program running
> on the applications processor in charge of handling the communication
> protocol with the modem actually implements a back-door that lets the
> modem perform remote file I/O operations on the file system. This
> program is shipped with the Samsung Galaxy devices and makes it
> possible for the modem to read, write and delete files on the phone's
> storage. On several phone models, this program runs with sufficient
> rights to access and modify the user's personal data. A technical
> description of the issue, as well as the list of known affected
> devices is available at the Replicant wiki:
> <http://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoor>.
>
> Provided that the modem runs proprietary software and can be remotely
> controlled, that back-door provides remote access to the phone's data,
> even in the case where the modem is isolated and cannot access the
> storage directly. This is yet another example of what unacceptable
> behavior proprietary software permits! Our free replacement for that
> non-free program does not implement this back-door. If the modem asks
> to read or write files, Replicant does not cooperate with it.
>
> Replicant does not cooperate with back-doors, but if the modem can take
> control of the main processor and rewrite the software in the latter,
> there is no way for a main processor system such as Replicant to stop
> it. But at least we know we have closed one back-door.
>
> --
> John Sullivan | Executive Director, Free Software Foundation
> GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS
>
> Do you use free software? Donate to join the FSF and support freedom at
> <http://www.fsf.org/register_form?referrer=8096>.
> --
> Liberationtech is public & archives are searchable on Google. Violations of
> list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
> change to digest, or change password by emailing moderator at
> [email protected].
