undefined | Better HN

0 pointsge0rg12y ago0 comments

Only open-source apps on open-source operating systems [..]

...running on Open Source hardware.

Many modern smartphones employ a baseband processor and an application processor with shared memory. While the app processor might be running an open-source compiled Android, the baseband processor is usually on a closed, not externally verified (and very buggy) RTOS provided by the manufacturer (Qualcomm, MediaTek, TI, ...)[0].

Owning the baseband is sufficient to gain access to the raw RAM of the application processor, to read any IM messages and keys, to manipulate data, code and whatever else you like. And all this is completely undetectable by any "antivirus" software running on the app processor.

[0] http://www.youtube.com/watch?v=fQqv0v14KKY

0 comments

2 comments · 1 top-level

hrjet12y ago· 1 in thread

> running on self-manufactured hardware

FTFY. Open sourced hardware by itself is of no practical use because the guy who manufactured it for you might have altered it in production.

polarix12y ago

And let's not forget to consider a "trusting trust" attack on the hardware you use to manufacture the processor.

j / k navigate · click thread line to collapse