[guardian-dev] Baseband Attacks

Abel Luck abel at guardianproject.info
Wed Oct 17 16:57:23 EDT 2012


Hans-Christoph Steiner:
> 
> Good to see more work on this beyond just "baseband sucks".  My takeaway
> remains:
> 
> wifi-only! :-D
> 

Yea, this is freaky stuff :|

It's unfortunate that even running in Airplane mode+wifi probably still
doesn't save you.

<3 my galaxy player.. I hope it gets 4.x someday.


> .hc
> 
> On 10/02/2012 07:46 PM, Frank Rieger wrote:
>> My company has been doing quite a bit of (so far unpublished) research into baseband security. The short summary is that the situation is currently rather depressing and is improving only slowly. Baseband vendors are fixing lots of stuff, but baseband updates for shipped phones often do not contain these fixes. Our research shows that the newer the phone the better the situation, as for new phones the manufacturers do a clean fresh build from whatever the freshest full baseband source of Qualcomm, Intel etc. is. Older phones tend to either not receiving updates at all or only partial ones fixing user-relevant bugs (data throughput, stability, battery lifetime etc.).
>>
>> The one practical but very limited method to be on a somewhat safer side is to force the phone into 3G only mode, which makes it much harder to attack with rogue basestations. These are currently all 2G. The 3G picocells can be hacked open, but so far there is not much in terms of an software stack that would allow for building attack tools. This will of course not hold forever and it does not protect agains attacks with operator cooperation.
>>
>> With respect to building a clean, auditable stack, for 3G its rather hopelss due to complexity, for 2G it is possibly doable for one chipset (see the osmocom project) and for 4G it might be worthwile looking at what open source there is from the various research and university projects to make a guesstimate if it might be realistic to embark on such a project.
>>
>> Greetings from Berlin,
>>
>> Frank
>>
>> _______________________________________________
>> Guardian-dev mailing list
>>
>> Post: Guardian-dev at lists.mayfirst.org
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>
>> To Unsubscribe
>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
>>
>> You are subscribed as: hans at guardianproject.info
>>
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/abel%40guardianproject.info
> 
> You are subscribed as: abel at guardianproject.info
> 



More information about the Guardian-dev mailing list