undefined | Better HN

0 pointsjtl9997y ago0 comments

I remember the creator of CopperheadOS claiming the "Nexus 5" (which is EOL) is not secure because of hardware (baseband?) vulnerabilities that wouldn't be trivial to fix.

Citation: https://twitter.com/DanielMicay/status/1058103333414522880

0 comments

7 comments · 3 top-level

arghwhat7y ago· 2 in thread

Basebands are generally terrible black boxes. Even for new devices, they're a major security concern.

jtl999OP7y ago

Agreed.

Does anyone know anything about the GSMK Cryptophone 500? It's appears to be a modified Galaxy S3 with a heavily custom ROM and can double as an IMSI catcher. I wonder. Did they RE the baseband or replace it with their own?

https://www.cryptophone.de/en/products/mobile/cp500/

Interesting.

voltagex_7y ago

I seem to remember there being relatively complete access to the S3 baseband at one point. Not sure I'd use it as a daily driver though. The S3 had big problems with the eMMC suddenly dying.

1 more reply

ech0007y ago· 1 in thread

Can anyone recommend a post that introduces these kind of issues for Android outsiders?

I assumed Android ROMs carry a fully fledged distribution, including the kernel and firmware. Sure, the latter might be out of date.

When I tried digging into the question "where does this so-called open source come from", I stumbled upon Kernels that basically have one commit adding the whole blob.

Is the ROM merely the application software built for a target kernel (which is persistent on the device)?

I've hacked around with Kernel modules on Android before, but miss the big picture in that regard.

Edit: especially the new update infrastructure (treble?), Does it change anything here?

voltagex_7y ago

The ROM is kinda an inaccurate term for the whole "blob" of binaries that gets copied to eMMC (or similar) storage. This can include multiple partitions, firmware updates (including for your baseband) etc.

The device kernel is a fork of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin... or more accurately https://source.android.com/devices/architecture/kernel/andro... at the end of the day. The "whole thing as one commit" is just people not caring enough to maintain source history.

Treble seems to mean that the software can be updated separately from the drivers and the firmware - https://www.androidauthority.com/project-treble-818225/, it could actually make things worse in terms of out of date drivers and firmware.

lclarkmichalek7y ago· 1 in thread

I think he's more saying that Nexus 5 is not secure going forwards because the firmware for the hardware is not getting updates. I can't see any reference to specific vulnerabilities, but when a platform is complex they're bound to exist. When you combine that with not getting updates, you have an insecure platform.

ghusbands7y ago

The firmware for the Nexus 5 wifi chip has well-known remotely-exploitable code-execution vulnerabilities [1] that were never patched. Nearly all modern devices have a full software stack inside the wifi (and other radio) chips and they all have plenty of security flaws and they're all proprietary and unaffected by the OS.

So it's not just about it not being secure going forwards. It and most other similar age handsets are insecure because a fix has never been released for the older chips.

[1] https://googleprojectzero.blogspot.com/2017/04/over-air-expl...

j / k navigate · click thread line to collapse

0 comments

7 comments · 3 top-level

arghwhat7y ago· 2 in thread

Basebands are generally terrible black boxes. Even for new devices, they're a major security concern.

jtl999OP7y ago

Agreed.

https://www.cryptophone.de/en/products/mobile/cp500/

Interesting.

voltagex_7y ago

I seem to remember there being relatively complete access to the S3 baseband at one point. Not sure I'd use it as a daily driver though. The S3 had big problems with the eMMC suddenly dying.

1 more reply

ech0007y ago· 1 in thread

Can anyone recommend a post that introduces these kind of issues for Android outsiders?

I assumed Android ROMs carry a fully fledged distribution, including the kernel and firmware. Sure, the latter might be out of date.

When I tried digging into the question "where does this so-called open source come from", I stumbled upon Kernels that basically have one commit adding the whole blob.

Is the ROM merely the application software built for a target kernel (which is persistent on the device)?

I've hacked around with Kernel modules on Android before, but miss the big picture in that regard.

Edit: especially the new update infrastructure (treble?), Does it change anything here?

voltagex_7y ago

lclarkmichalek7y ago· 1 in thread

ghusbands7y ago

So it's not just about it not being secure going forwards. It and most other similar age handsets are insecure because a fix has never been released for the older chips.

[1] https://googleprojectzero.blogspot.com/2017/04/over-air-expl...

j / k navigate · click thread line to collapse