Re: First small steps toward free GSM firmware
On Fri, 15 Nov 2013 02:17:48 +0100, joerg Reisenweber jo...@openmoko.org wrote:

> [quote]
> Lastly, the baseband processor is usually the master processor, whereas the application processor (which runs the mobile operating system) is the slave.
> [/quote]
>
> Nothing more to say. This article isn't worth the CPU time to render it on my screen. You can hack and exploit the baseband as much as you like, it stays baseband and can do nothing it couldn't do anytime on any location in the network. IOW, don't worry about what's going on in your modem. It's even less interesting than what's going on in your harddisk of your PC. Since the harddisk could actually introduce an infected bootloader or kernel to your system, the modem is sth you rarely ever boot from. ;-P

I don't get you (or got you wrong). The article says (which indeed is no news), that the baseband can be easily exploited which affects the applications you are running (or are started / installed remotely).

http://lists.mayfirst.org/pipermail/guardian-dev/2012-October/001012.html
http://www.theregister.co.uk/2013/03/07/baseband_processor_mobile_hack_threat/?page=1

Please tell me, I am wrong.

--
Kardan kar...@riseup.net
Please encrypt emails to me. http://gnupg.org/documentation
Public GPG key 9D6108AE58C06558 at hkp://pool.sks-keyservers.net
fingerprint: F72F C4D9 6A52 16A1 E7C9 AE94 9D61 08AE 58C0 6558

Why?
* EU data retention since 2006 http://tinyurl.com/eu-data-retention
* NSA/GCHQ soak up all they can into their data centers
* orwell 2.0: http://knopfdoubleday.com/book/232010/the-circle/

EFF.org: Stop Watching Us! https://www.youtube.com/watch?v=aGmiw_rrNxk
https://prism-break.org software for informational self protection
everyone has the right to know who is knowing what about him at what time. https://www.datenschutz.de/privo/recht/grundlagen

___
Openmoko community mailing list
community@lists.openmoko.org
http://lists.openmoko.org/mailman/listinfo/community
Re: First small steps toward free GSM firmware
At Sat, 16 Nov 2013 00:03:33 +0100, kardan wrote:

> On Fri, 15 Nov 2013 02:17:48 +0100, joerg Reisenweber jo...@openmoko.org wrote:
>
> > [quote]
> > Lastly, the baseband processor is usually the master processor, whereas the application processor (which runs the mobile operating system) is the slave.
> > [/quote]
> >
> > Nothing more to say. This article isn't worth the CPU time to render it on my screen. You can hack and exploit the baseband as much as you like, it stays baseband and can do nothing it couldn't do anytime on any location in the network. IOW, don't worry about what's going on in your modem. It's even less interesting than what's going on in your harddisk of your PC. Since the harddisk could actually introduce an infected bootloader or kernel to your system, the modem is sth you rarely ever boot from. ;-P
>
> I don't get you (or got you wrong). The article says (which indeed is no news), that the baseband can be easily exploited which affects the applications you are running (or are started / installed remotely).
>
> http://lists.mayfirst.org/pipermail/guardian-dev/2012-October/001012.html
> http://www.theregister.co.uk/2013/03/07/baseband_processor_mobile_hack_threat/?page=1

This is the key bit from the Register's article:

    Just like on PCs, modern (smart)phone designs are based on a shared memory architecture, Rupp told El Reg. In other words, the baseband processor and the application processor share the same physical memory to communicate with each other. Even though there are various protection techniques like DEP (Data Execution Prevention) in place that should in principle prevent that, memory pages which contain executable code can be written to.

As long as the modem and CPU only communicate via the serial port, i.e., there is no shared memory, then the application CPU is (relatively) safe from attacks started from the baseband CPU. As I understand it, this is the case for the GTA0*, but it would be good to have confirmation of this from someone better in the know.

Neal
Re: First small steps toward free GSM firmware
On Sat, Nov 16, 2013 at 12:33 AM, Neal H. Walfield n...@walfield.org wrote:

> As long as the modem and CPU only communicate via the serial port, i.e., there is no shared memory, then the application CPU is (relatively) safe from attacks started from the baseband CPU. As I understand it, this is the case for the GTA0*, but it would be good to have confirmation of this from someone better in the know.
>
> Neal

Yes. GTA01 and GTA02 communicate with the modem (TI Calypso) via serial port, and GTA04 (with Option GTM601W) via USB.

While so-called dumbphones and some older smartphones like Symbian devices often didn't have a dedicated APU, so the complete OS was technically running on the modem, newer devices have rather good separation of those two processors. However, it's not always the case - there are some devices that communicate with the modem via shared RAM. It starts to be pretty common on Android devices.

It's still hardly any news, it's perfectly known for a few years, and projects like Replicant were actively discouraging usage of such phones ever since. Anyway, it's not a secret, one can easily check by some quick googling if the device he/she's interested in follows this design.

It's good to raise awareness about problems with such a design. It's bad to make it sound like some secret conspiracy. Like we haven't got enough of true secret conspiracies to worry about ;)

--
Sebastian Krzyszkowiak, dos
http://dosowisko.net/