[guardian-dev] signal without sim ?

coderman coderman at gmail.com
Mon Jan 13 04:02:12 EST 2014


On Sun, Jan 12, 2014 at 2:21 PM, Georg Lukas <georg at op-co.de> wrote:
> * Timur Mehrvarz <timur.mehrvarz at riseup.net> [2014-01-12 20:53]:
>> I think Mr. Greenwald should be petitioned to query his document folder
>> for the words "SIM" and "airplane mode". I really can't wait to learn
>> the true nature of this.
>
> Take the time for http://www.youtube.com/watch?v=fQqv0v14KKY "All your
> baseband are belong to us" and
> https://www.usenix.org/conference/woot12/workshop-program/presentation/Weinmann
> "Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular
> Protocol Stacks". This shows that taking ownership of your smartphone
> "over the air" is really easy for a determined attacker.


this is a great presentation!

and to reiterate: airplane mode is intended to disable transmission of
radio signals (it seems most chipsets do receive just fine, like wifi
monitor mode, while adhering to stated airplane mode requirements.)

thus if you have an exploitable baseband open on a channel available
to attackers, your device can then be compromised, keys and data
exfiltrated, etc.
all while indicating an "all clear airplane mode no transmit" status
on your device as far as OS, system, and user apps monitoring device
status are concerned.

the only reliable way to detect this is monitoring power draw and RF
transmission (SDR) via external systems.  this has been in the threat
model for high value targets many years now...


best regards,
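The detection approach mentioned above (watching RF emissions and power draw from outside the device rather than trusting what the OS reports) can be illustrated with a small offline check. The following Python is an added example, not code from the list post or the Guardian project; it assumes an external spectrum monitor and an inline current meter that each produce one reading per second, and the readings below are constructed for illustration. It flags runs of samples where the uplink band is well above the idle noise floor while the phone claims airplane mode, and notes whether battery current rose at the same time, since a real transmit burst usually shows up in both.

```python
"""Offline check over constructed measurements: flag RF bursts (and
coincident current spikes) captured by an external SDR and power meter
while the phone itself reports 'airplane mode'. Constructed sample data
only; no real SDR API is used."""
from statistics import median

# Constructed readings: (t_seconds, uplink_rf_dbm, battery_current_ma).
# Hypothetical 1 Hz sampling from an external spectrum monitor and an
# inline current meter; values are made up to illustrate the check.
SAMPLES = [
    (0, -95.0, 120), (1, -96.0, 118), (2, -94.0, 121), (3, -95.5, 119),
    (4, -60.0, 310), (5, -58.0, 325), (6, -61.0, 300),    # burst A: RF + current
    (7, -95.0, 120), (8, -96.0, 119), (9, -94.5, 121),
    (10, -70.0, 122),                                      # one-sample blip: ignored
    (11, -95.0, 120), (12, -62.0, 125), (13, -63.0, 124),  # burst B: RF only
    (14, -95.0, 119), (15, -96.0, 120),
]


def baselines(samples):
    """Robust (median) idle levels for RF power and current draw, so a few
    bursts do not drag the baseline upward."""
    rf = median(s[1] for s in samples)
    ma = median(s[2] for s in samples)
    return rf, ma


def find_bursts(samples, rf_margin_db=20.0, ma_margin=100, min_len=2):
    """Group consecutive samples whose RF power exceeds the idle median by
    rf_margin_db. Runs shorter than min_len samples are dropped as noise.
    Each burst records whether current draw was elevated for its whole
    duration (ma_margin above the idle median)."""
    rf_base, ma_base = baselines(samples)
    bursts, run = [], []

    def flush():
        if len(run) >= min_len:
            bursts.append({
                "start": run[0][0],
                "end": run[-1][0],
                "peak_dbm": max(s[1] for s in run),
                "current_spike": all(s[2] > ma_base + ma_margin for s in run),
            })
        run.clear()

    for s in samples:
        if s[1] > rf_base + rf_margin_db:
            run.append(s)
        else:
            flush()
    flush()
    return bursts


def airplane_mode_violations(samples, device_reports_airplane=True):
    """A burst is only a finding when the device claims it is not
    transmitting; with the radio legitimately on, bursts are expected."""
    return find_bursts(samples) if device_reports_airplane else []


if __name__ == "__main__":
    for b in airplane_mode_violations(SAMPLES):
        print(f"TX burst t={b['start']}..{b['end']}s peak {b['peak_dbm']} dBm, "
              f"current spike: {b['current_spike']}")
```

The median baseline and the minimum burst length are the two knobs that matter in practice: a single noisy sample (t=10 above) is ignored, while a burst that shows up in both the RF and current channels (t=4..6) is the strongest signal that the radio really keyed up despite the reported state.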

