Your smartphone's hidden, radio-controlling OS is totally insecure

[Permalink]

We were all doing just fine, not knowing about this. Now we have to worry!

Seriously, I’ve always wondered how phones did all that actual phone work while playing Angry Birds. It makes sense that it’s a hunk of vintage code that no one outside of the factory has seen.

Now that it’s publicly acknowledged, it’s just a matter of time before bored high school kids do all the stuff mentioned in the scary paragraph in the article.

The smart phone: your least secure device just got even less secure!

So my years of experience typing “ATDT” and “ATH” commands into rubber suction-cup, 300 baud modems can go back on my resume now!

8 Likes

I had no idea that the single word Hayes would tickle my nostalgia neuron so strongly. Just add “micromodem” and I’m practically a puddle.

1 Like

Another argument for having a separate phone and palmtop with limited data connectivity between them rather than cramming both into one box. Especially now that cellular data connectivity has been largely replaced by near-ubiquitous WiFi.

I think that’s pronounced “NSA”. Seriously. This could be how they tapped Merkel’s phone.

1 Like

The magic of the smartphone is that one CPU does everything from playing Angry Birds to cell data packet handling. The answer isn’t to double the hardware, it’s to make the software better.

Unfortunately, the cell packet handling software is so highly evolved, and so close to the metal, that a rewrite would be a billion-dollar proposition.

We can safely assume this has been completely exploited in the field for many years by criminals both inside and outside of government.

And we can also safely assume that anyone motivated enough has been listening in on conversations and taking pictures clandestinely of the conversations of presidents, prime ministers, members of Parliament, senators, representatives and governors.

Not long before some of that information gets leaked publicly or sold on the open market.

As mentioned on Hacker News
The FBI has been tapping mobile phones as “roving bugs” for a decade: http://news.cnet.com/2100-1029-6140191.html

An open and secure baseband SoC/OS is a reasonable project for a well funded startup. I betting there’s about to be an eager market.

2 Likes

I think more than one (ahem) agency might consider this more feature than bug. Good luck getting it fixed, unless it’s done in a way that keeps out the bored kids out, while leaving the agencies a pleasant garden path.

It’s integrated in Snapdragon and other mobile SoCs, but that doesn’t mean it would be a billion dollar project to build a disruptive secure phone which would be a niche product at first. You have to be willing to start crappy, but focused.

And they can edit the list of encryption modes that the radio will negotiate with the base station, and the list of encryption methods that TLS will negotiate with a remote server. The NSA can crack RC4 in real time; it is important that it be immediately removed - not merely deprecated, not merely deprioritised - from implementations.

CPUs are cheap; small CPUs near-disposably so. Doubling the hardware is one legitimate way to get security without doing the rewrites. Call it a firewall.

1 Like

Haha, if only…

Well, here in a college town, anyway. And realistically, most of the places I’d need it have a starbucks or equivalent within reasonable detour.

I really don’t need network connectivity on the road, or on a random streetcorner… as evinced by the fat that I’m not using it now. And from observation, the people with The Internet In Their Pocket via wifi seem to get the answers they need just about as easily and as quickly as those who have data plans.

If network connectivity is business-critical for you – or you’re more addicted than I – your mileage will vary.

So, if I send a M2 command to turn the modem speaker always on, will the phone start emitting the soothing modem chatter?

For what it is worth, this talk appears to be from back when the iPhone 4 was new, so mid 2010 or so. I suspect not a lot has changed in the meantime however. As far as I know these basebands are still big binary blobs that get minimal code review, and are likely still full of security holes.

1 Like

Because of course they are.

Yeah – if anything I’m seeing the number of “free wifi” places go down over the past few years given it isn’t really a big thing for people to go to a coffeeshop or whatever to check their email/facebook/twitter accounts when they can do all of that anywhere from their phones, and typical public wifi user these days are web developers and what not who just take up a seat for hours using the shop as a free office and hardly buying anything.

Hmm, I have this micro 3g station I got from AT&T a while back, I wonder if I could use that for nefarious porpoises.