First, stay away from Qualcomm-based phones. In them the baseband controls
all physical memory, as documented in the Replicant project, and thus has
control over the application processor (the "unix computer").

Ok. So what I am shooting for is a firewall between the baseband
processor and the application processor, and I was indeed correct that in
a "real" mobile phone there is a lot of bleeding between the two.
Second, even Infineon-based phones are not completely safe; however, you
can use Replicant on the Nexus S, and thus there are no proprietary
binaries (on the Unix side) and less risk of meddling from a third party.
However, this won't prevent a baseband exploit from doing evil stuff. In
addition, there are Android vulnerabilities constantly appearing; the last
one, as you may have heard, concerned the SGS3's NFC stack.

Well, that is why I said "unix computer" and not specifically Android: if
I am running a computer (like a Samsung Galaxy Player) then I could do
something besides Android, and perhaps gain quite a bit of control.
Finally, the scenario you suggest (connecting a 3G USB modem to a
computer) seems very impractical, although it adds a layer of safety since
the microphone will be fully under the control of the system you trust.
However, battery life will probably be very, very short as compared to
your current 2G phone.

Yes, ok. Battery life is bad, as well as the physical logistics of
connecting a full-sized USB dongle to a micro-USB port, etc.
By the way, as documented in presentations at CCC, Blackhat, etc., GSM
networks are not safe: there are multiple vulnerabilities ranging from
offline decryption of comms to active MITM attacks. 3G networks use
stronger, mutual authentication and do not suffer from this. In several
phones, such as the Nexus S, you can force the network mode to 3G only and
therefore have a better level of security.

Yes, but the real trick I am interested in is isolating (or at least
controlling) the interaction between the baseband processor and the
application processor. Using a computer with a USB dongle gives me that
control ... would I have that same level of control if we had free
software running on the baseband processor, or is there still additional
bleeding possible simply by virtue of its being built into the computer?

Also, just for my own notes, what is the industry term for "making changes
to the application processor side of a customer's handset"? I have heard
of some regular examples of how carriers update things and enforce changes
to phones in this way (or relock them?), but what is the term for that
behavior?
Thanks.