Hacker News new | past | comments | ask | show | jobs | submit login

A modem can't MITM https without the key. And all http traffic can be MITM'd anyway. So having control of the modem doesn't get you anything that you wouldn't otherwise be able to get by vacuuming up the traffic further upstream.

What's an example of exploiting system services?




How do you MITM someone specific that may be thousands of miles from you? Much easier when you have access to their modem.

Exploiting system services - you can attack any kind of non encrypted traffic flowing through the modem. Such as unsecured applications running with broad permissions. Or you can inject data into kernel services that communicate directly with the modem.

I don't know if on these phones the modem presents itself as a simple serial device, or if it has its own kernel driver (/dev/modem). If it does have its own kernel driver running in the phone, then this driver becomes an easy target for attack, granting full system access.


Let me get this straight, you're equating having control of a device with DMA with being able to sniff a network connection?

If you really think they're the same thing, I have some baseband software for you.


The modems in question here don't have direct access to system ram or flash, which is why Samsung is using an RPC mechanism to the application processor to store data on behalf of the modem (which quite possibly has no local flash at all -- designs do vary). Typically these are supposed to restrict the modem's storage to its little sandbox -- sounds like this one fails to do so (and runs as root which should not be necessary to provide the service).


This is merely a helper, but not necessarily to circumvent "sandboxing". Probably the honest firmware update routines use this route to make code smaller.


I didn't know they had DMA.


Ding!

That's the key. There is no news here because every phone running every OS is back-doored[1]. Completely, totally back-doored. This includes every single phone "replicant" has ever been installed on.

There is a computer in your phone, that you cannot access, running a closed source, proprietary OS that your carrier controls, that has (in many cases) DMA access to your "actual" phone.

Your carrier has total control over that computer in your pocket.

Game Over.

[1] With the very tiny exceptions of calypso-based motorola phones running osmocom and possibly the neo freerunner phones ... but I could be wrong about those...




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: