posted by Thom Holwerda on Fri 15th Jan 2016 10:09 UTC
Icon

So long as basebands are not audited, and smartphones do not possess IOMMUs and have their operating systems configure them in a way that effectively mitigates the threat, no smartphone can be trusted for the integrity or confidentiality of any data it processes.

This being the case, the quest for "secure" phones and "secure" communications applications is rather bizarre. There are only two possible roads to a secure phone: auditing baseband or using an IOMMU. There can't even begin to be a discussion on secure communications applications until the security of the hardware is established.

I've written about this a long time ago, and it remains true today. Your phone is not secure, by definition, regardless of platform. Governments should legally demand phone manufacturers to fully publish all source code to the baseband chips they use, or be barred from sales. Mobile phone networks have become a crucial pillar of our society, and as citizens, we have the right to know what's going on in baseband chips.

Of course, that's not going to happen - governments benefit from the inherent lack of any form of security in our mobile phone network - but one can dream.


e p (4)    16 Comment(s)

Technology White Papers

See More