[PLUG] and I thought the badBOIS story was scary...

Keith Lofstrom keithl at gate.kl-ic.com
Fri Nov 15 03:11:00 UTC 2013


On Thu, Nov 14, 2013 at 12:06:34PM -0800, Chris Schafer wrote:
> When can you really trust what is inside the black box?
> 
> http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone

In brief, the firmware running the Infineon or Qualcomm voice
channel hardware on your smart phone is closed source, patented,
buggy and exploitable.  The article didn't say whether this
also applies to ancient dumb phones, but it is implied.

Which is why I won't buy a smart phone until I can program the
whole software stack.  Maybe never.  There will be other ways
to move voice that bypass the cell network, sooner or later.
I can wait.

BTW, I hope someday there will be a similar analysis performed
on internal firmware for magnetic hard disks, which may be my
own biggest vulnerability.  There's a lot of room for factory-
sourced mischief in the firmware boot and spare tracks.  Solid
state drives could be as vulnerable, but they are easier to
observe and reverse engineer with measurement systems,
spinning platters not so much.

Keith

-- 
Keith Lofstrom          keithl at keithl.com



More information about the PLUG mailing list