doctorow at November 13th, 2013 13:50 — #1
nixiebunny at November 13th, 2013 14:39 — #2
We were all doing just fine, not knowing about this. Now we have to worry!
Seriously, I've always wondered how phones did all that actual phone work while playing Angry Birds. It makes sense that it's a hunk of vintage code that no one outside of the factory has seen.
Now that it's publicly acknowledged, it's just a matter of time before bored high school kids do all the stuff mentioned in the scary paragraph in the article.
spence at November 13th, 2013 14:39 — #3
The smart phone: your least secure device just got even less secure!
nadreck at November 13th, 2013 14:43 — #4
So my years of experience typing "ATDT" and "ATH" commands into rubber suction-cup, 300 baud modems can go back on my resume now!
allenk at November 13th, 2013 14:51 — #5
I had no idea that the single word Hayes would tickle my nostalgia neuron so strongly. Just add "micromodem" and I'm practically a puddle.
technogeekagain at November 13th, 2013 14:53 — #6
Another argument for having a separate phone and palmtop with limited data connectivity between them rather than cramming both into one box. Especially now that cellular data connectivity has been largely replaced by near-ubiquitous WiFi.
yadayada at November 13th, 2013 14:57 — #7
I think that's pronounced "NSA". Seriously. This could be how they tapped Merkel's phone.
nixiebunny at November 13th, 2013 15:12 — #8
The magic of the smartphone is that one CPU does everything from playing Angry Birds to cell data packet handling. The answer isn't to double the hardware, it's to make the software better.
Unfortunately, the cell packet handling software is so highly evolved, and so close to the metal, that a rewrite would be a billion-dollar proposition.
mildbill at November 13th, 2013 15:22 — #9
We can safely assume this has been completely exploited in the field for many years by criminals both inside and outside of government.
And we can also safely assume that anyone motivated enough has been listening in on conversations and taking pictures clandestinely of the conversations of presidents, prime ministers, members of Parliament, senators, representatives and governors.
Not long before some of that information gets leaked publicly or sold on the open market.
As mentioned on Hacker News
The FBI has been tapping mobile phones as "roving bugs" for a decade: http://news.cnet.com/2100-1029-6140191.html
An open and secure baseband SoC/OS is a reasonable project for a well funded startup. I betting there's about to be an eager market.
cleveremi at November 13th, 2013 15:23 — #10
I think more than one (ahem) agency might consider this more feature than bug. Good luck getting it fixed, unless it's done in a way that keeps out the bored kids out, while leaving the agencies a pleasant garden path.
mildbill at November 13th, 2013 15:26 — #11
It's integrated in Snapdragon and other mobile SoCs, but that doesn't mean it would be a billion dollar project to build a disruptive secure phone which would be a niche product at first. You have to be willing to start crappy, but focused.
bardfinn at November 13th, 2013 15:29 — #12
And they can edit the list of encryption modes that the radio will negotiate with the base station, and the list of encryption methods that TLS will negotiate with a remote server. The NSA can crack RC4 in real time; it is important that it be immediately removed - not merely deprecated, not merely deprioritised - from implementations.
technogeekagain at November 13th, 2013 15:31 — #13
CPUs are cheap; small CPUs near-disposably so. Doubling the hardware is one legitimate way to get security without doing the rewrites. Call it a firewall.
phasmafelis at November 13th, 2013 17:12 — #14
Haha, if only...
technogeekagain at November 13th, 2013 17:19 — #15
Well, here in a college town, anyway. And realistically, most of the places I'd need it have a starbucks or equivalent within reasonable detour.
I really don't need network connectivity on the road, or on a random streetcorner... as evinced by the fat that I'm not using it now. And from observation, the people with The Internet In Their Pocket via wifi seem to get the answers they need just about as easily and as quickly as those who have data plans.
If network connectivity is business-critical for you -- or you're more addicted than I -- your mileage will vary.
crenquis at November 13th, 2013 17:21 — #16
So, if I send a M2 command to turn the modem speaker always on, will the phone start emitting the soothing modem chatter?
jandrese at November 13th, 2013 17:25 — #17
For what it is worth, this talk appears to be from back when the iPhone 4 was new, so mid 2010 or so. I suspect not a lot has changed in the meantime however. As far as I know these basebands are still big binary blobs that get minimal code review, and are likely still full of security holes.
gilbertwham at November 13th, 2013 17:47 — #18
Because of course they are.
jhbadger at November 13th, 2013 18:17 — #19
Yeah -- if anything I'm seeing the number of "free wifi" places go down over the past few years given it isn't really a big thing for people to go to a coffeeshop or whatever to check their email/facebook/twitter accounts when they can do all of that anywhere from their phones, and typical public wifi user these days are web developers and what not who just take up a seat for hours using the shop as a free office and hardly buying anything.
pfooti at November 13th, 2013 18:52 — #20
Hmm, I have this micro 3g station I got from AT&T a while back, I wonder if I could use that for nefarious porpoises.
next page →