Linked by Thom Holwerda on Fri 15th Jan 2016 10:09 UTC
PDAs, Cellphones, Wireless

So long as basebands are not audited, and smartphones do not possess IOMMUs and have their operating systems configure them in a way that effectively mitigates the threat, no smartphone can be trusted for the integrity or confidentiality of any data it processes.

This being the case, the quest for "secure" phones and "secure" communications applications is rather bizarre. There are only two possible roads to a secure phone: auditing baseband or using an IOMMU. There can't even begin to be a discussion on secure communications applications until the security of the hardware is established.

I wrote about this a long time ago, and it remains true today. Your phone is not secure, by definition, regardless of platform. Governments should legally demand that phone manufacturers fully publish all source code to the baseband chips they use, or be barred from sales. Mobile phone networks have become a crucial pillar of our society, and as citizens, we have the right to know what's going on in baseband chips.

Of course, that's not going to happen - governments benefit from the inherent lack of any form of security in our mobile phone network - but one can dream.

Thread beginning with comment 623387
%s/smartphones/computers/g
by Ithamar on Fri 15th Jan 2016 10:53 UTC
Ithamar Member since: 2006-03-20

Remember IME (Intel ME)? No use in having a "secure" OS (e.g. Linux) when everything before it is not secure.

Anyway, I think people are getting a little paranoid by now, probably thanks to Snowden and his revelations (not saying it is a bad thing, we just need to keep perspective IMHO).

Reply Score: 1

RE: %s/smartphones/computers/g
by ssokolow on Fri 15th Jan 2016 12:55 in reply to "%s/smartphones/computers/g"
ssokolow Member since: 2010-01-21

Remember IME (Intel ME)? No use in having a "secure" OS (e.g. Linux) when everything before it is not secure.


That's why you contact AMD to request a list of CPU/APU SKUs that predate the introduction of ARM TrustZone cores. AMD doesn't yet have an on-die management solution.

Reply Parent Score: 4