Linked by Thom Holwerda on Thu 13th Mar 2014 19:31 UTC
Privacy, Security, Encryption

First it was a huge backdoor, then it turned out not to be a big deal. Whatever is the case with this issue with Samsung phones - it only serves to highlight what I wrote about several months ago:

It's kind of a sobering thought that mobile communications, the cornerstone of the modern world in both developed and developing regions, pivots around software that is of dubious quality, poorly understood, entirely proprietary, and wholly insecure by design.

Whether or not this is actually a huge security issue, I don't care - it just further highlights the dire need for a properly and truly open baseband firmware.

Thread beginning with comment 584445

And it won't come from Android, iOS, or Windows phones or Blackberry or ... well who is left? Non smart phones? Nope.

Score: 1

No it isnt

Jolla and Ubuntu. And no, they won't have open basebands.

Then again, any mobile phone can and will be location tracked from the towers, so anyone pretending some brand of phone guarantees your privacy is just a shill.

Score: 5

woegjiub

AFAIK, it's illegal in most countries to use a device with a cellular connection without providing adequate identification, so unless you have forged credentials, you're always being tracked by the mobile provider anyway - otherwise, they can't know where to send calls/data responses.

Obviously it'd be much better if the tracking/etc. ended there, but Stallman's right about this one: if you *really* care about privacy, don't use a mobile.

TBH, that would also mean not using the internet either, since you need an ISP, and *they* need to know where to send data, so...

Really, the only way to "guarantee privacy" is to go off-grid completely and live in the forest, off on-site solar/wind power and farming.

Edited 2014-03-14 02:34 UTC

Score: 5

Alfman

No it isnt,

Rosenberg: I think calling this a "backdoor" is a bit far-fetched, much less one that can allow parties to remotely access data from your phone. This claim can be debunked with three crucial facts:

1. There is virtually no evidence for the ability to remotely execute this functionality....

2. The amount of data that can be read or written to by this functionality is very limited...this can only be used to access data specifically related to radio functionality, plus information stored on the SD card (because this is also readable by every application on the phone).

3. ...The authors had to leverage a directory traversal flaw in the handling of modem commands in order to cause the radio software to write outside of the /efs/root directory...This suggests that the intended purpose of this functionality was rather mundane and not at all malicious, and that it was simply poorly implemented.

#1. Rosenberg has a valid point: having proprietary code running in the modem isn't proof in and of itself that it's exploitable. It's nevertheless alarming that the application processor would allow the modem to access user files.

#2. Rosenberg's statement failed to debunk any claims with this one. In fact he even echoes the original claims that the daemon can run either as root or under a limited account with access to /sdcard.

#3. So what? A hacker who's gotten this far would not be fazed by "../../". It doesn't much matter (to hackers) whether the vulnerability is intentional or not. In fact the best backdoors are made to look accidental:

So, we know that the application processor is vulnerable. Whether the modem is will have to remain an open question. It's not even clear to me that the binary machine code for the modem is accessible for reverse engineering. Lots of micro-controllers offer code protection that makes it near impossible to access the binary code:

Q: Does anyone know if the modem's firmware can be flashed over the air (like a cable modem)? If so, then it doesn't even matter what's in the firmware. An entity such as the NSA could just flash a new firmware at will to do whatever it wants, like exploiting the application processor's vulnerabilities.

Score: 5
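
Added example, not part of the thread and not Samsung's code: a file-request handler confined to the /efs/root directory named in the quoted analysis, with the naive path join next to a component-checked one. The function names and the request format (a relative path string) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define EFS_ROOT "/efs/root"   /* base directory named in the quoted analysis */

/* Naive join: the request is appended to the base directory without
 * inspecting its components, so "../../" in the request climbs out. */
int naive_join(const char *req, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s", EFS_ROOT, req);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Confined join (hypothetical helper): walk the request one component at
 * a time and refuse absolute paths, empty requests, empty components,
 * trailing slashes and any "." or ".." component.
 * Returns 0 and writes the joined path on success, -1 on rejection.
 * The check is lexical only: a symlink stored under the base directory
 * can still point elsewhere, so the open itself must also refuse links. */
int confined_join(const char *req, char *out, size_t outlen)
{
    const char *p = req;

    if (req == NULL || *req == '\0' || *req == '/')
        return -1;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");   /* length of this component */
        if (len == 0)
            return -1;                  /* "a//b" */
        if (len == 1 && p[0] == '.')
            return -1;                  /* "." */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return -1;                  /* ".." */
        p += len;
        if (*p == '/' && *++p == '\0')
            return -1;                  /* trailing slash */
    }
    return naive_join(req, out, outlen);
}
```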