| planetdoc |
05-06-2014 05:15 PM |
Quote:
Originally Posted by Fish
(Post 10605500)
|
I've heard good things about it, but I've also read that it sits ontop of the default lockscreen.
Quote:
Originally Posted by DaveNull
(Post 10605676)
<img src="https://blog.lookout.com/wp-content/uploads/2012/07/Ninja-tel-phone-and-van.jpeg">
|
thats pretty neat. I didnt know anything about it and just did some reading. Looks like they have a base-station as well, and I dont know how legal that is unless they are broadcasting on public spectrum.
When I made that statement, I was speaking more about an arduino DIY phone or a raspberry pi based phone. If one thinks the sim or GSM module are compromised, it can easily be replaced compared to destroying the entire phone (burner phone).
Quote:
Originally Posted by DaveNull
(Post 10605677)
Not trying to start a fight,
|
understand, and I appreciate the discussion.
Quote:
Originally Posted by DaveNull
(Post 10605677)
but you're saying that any non-open source system is questionable?
|
any software that cannot be independently and openly audited (theoretically) must be considered suspect until proven otherwise. It has become pretty clear that many electronics (such as consumer routers for example) have been backdoored from the start.
The second operating system hiding in every mobile phone
Quote:
Every smartphone or other device with mobile communications capability (e.g. 3G or LTE) actually runs not one, but two operating systems. Aside from the operating system that we as end-users see (Android, iOS, PalmOS), it also runs a small operating system that manages everything related to radio. Since this functionality is highly timing-dependent, a real-time operating system is required.
This operating system is stored in firmware, and runs on the baseband processor. As far as I know, this baseband RTOS is always entirely proprietary. For instance, the RTOS inside Qualcomm baseband processorsis called AMSS, built upon their own proprietary REX kernel, and is made up of 69 concurrent tasks, handling everything from USB to GPS. It runs on an ARMv5 processor.
The problem here is clear: these baseband processors and the proprietary, closed software they run are poorly understood, as there's no proper peer review. This is actually kind of weird, considering just how important these little bits of software are to the functioning of a modern communication device. You may think these baseband RTOS' are safe and secure, but that's not exactly the case. You may have the most secure mobile operating system in the world, but you're still running a second operating system that is poorly understood, poorly documented, proprietary, and all you have to go on are Qualcomm's Infineon's, and others' blue eyes.
The insecurity of baseband software is not by error; it's by design. The standards that govern how these baseband processors and radios work were designed in the '80s, ending up with a complicated codebase written in the '90s - complete with a '90s attitude towards security. For instance, there is barely any exploit mitigation, so exploits are free to run amok. What makes it even worse, is that every baseband processor inherently trusts whatever data it receives from a base station (e.g. in a cell tower). Nothing is checked, everything is automatically trusted. Lastly, the baseband processor is usually the master processor, whereas the application processor (which runs the mobile operating system) is the slave.
So, we have a complete operating system, running on an ARM processor, without any exploit mitigation (or only very little of it), which automatically trusts every instruction, piece of code, or data it receives from the base station you're connected to. What could possibly go wrong?
With this in mind, security researcher Ralf-Philipp Weinmann of the University of Luxembourg set out to reverse engineer the baseband processor software of both Qualcomm and Infineon, and he easily spotted loads and loads of bugs, scattered all over the place, each and every one of which could lead to exploits - crashing the device, and even allowing the attacker to remotely execute code. Remember: all over the air. One of the exploits he found required nothing more but a 73 byte message to get remote code execution. Over the air.
You can do some crazy things with these exploits. For instance, you can turn on auto-answer, using the Hayes command set. This is a command language for modems designed in 1981, and it still works on modern baseband processors found in smartphones today (!). The auto-answer can be made silent and invisible, too.
While we can sort-of assume that the base stations in cell towers operated by large carriers are "safe", the fact of the matter is that base stations are becoming a lot cheaper, and are being sold on eBay - and there are even open source base station software packages. Such base stations can be used to target phones. Put a compromised base station in a crowded area - or even a financial district or some other sensitive area - and you can remotely turn on microphones, cameras, place rootkits, place calls/send SMS messages to expensive numbers, and so on. Yes, you can even brick phones permanently.
|
http://www.extremetech.com/computing...phone-insecure
Quote:
This is just one example of a secondary OS. As I previously mentioned, your SIM also has a small processor that runs a tiny kernel that can execute Java software. (The SIM card and its OS was recently hacked, incidentally.) If your computer has some kind of secure storage area, such as ARM’s TrustZone, there’s probably another separate OS and processor in there, too. The minuscule size of wimpy ARM cores and lack of documentation means that it’s very hard to tell just how many discrete OSes are running on your computer concurrently. In classic pre-internet, security-through-obscurity style, we won’t know how secure these OSes are until they’re (publicly) hacked. If the NSA wanted to deploy a wide-scale hack that gives it access to everyone’s phone calls, the baseband would be the place to do it.
The only real solution to this problem is to move away from closed-source hardware and software.
|
|
