how much havoc can a compromised baseband do to a Guardian ROM device?

List overview All Threads
Download

newer

older

RFC: obfsproxyssh

[GSoC '13] Status report -...

Eugen Leitl

29 Jul 2013 29 Jul '13

1 p.m.

Anyone knows whether a Nexus 4 baseband processor has r/w access to system memory? The firmware doesn't seem to be loaded at boot, so I presume it's entirely out of reach/ reversing?

Attachments:

signature.asc (application/pgp-signature — 836 bytes)

Show replies by date

Nathan Freitas

29 Jul 29 Jul

1:26 p.m.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 07/29/2013 09:00 AM, Eugen Leitl wrote:

...

Anyone knows whether a Nexus 4 baseband processor has r/w access to system memory? The firmware doesn't seem to be loaded at boot, so I presume it's entirely out of reach/ reversing?

- From what I know, there has been nothing specific done (yet) in the Guardian ROM work to combat baseband attacks.

Something interesting about the Nexus 4: http://www.ifixit.com/Teardown/Nexus+4+Teardown/11781/3

It appears to have two separate "modem" chips, perhaps related to extended support for LTE:

Qualcomm WTR1605L Seven-Band 4G LTE chip Qualcomm MDM9215M 4G GSM/UMTS/LTE modem

Searching for either of those parts online reveals a good amount of documentation, but not many specifics related to Android.

...PGP SIGNATURE...

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJR9m2TAAoJEKgBGD5ps3qp6BwQAIPEGGisxIWlz8TYO3409UYY oRLHs2J+pNeZ+FUL06lylwM2di2PeL0fZIv9g48yKegR3+9/3XkP9w2zUakj6zJa rMpSZ8Gl4YFxNFbT/ukAyaKxKezyhxPELjSihB/tJI5puYQcuhu9bMR2KrmhITiZ yghUDMJ5Wp+ETeA/+CKzw172hMT1gTz1ennYXotFFIZK+Ac0ucTud9JaAf4PsHM5 hfnDfQxsq4MlmBO6737WL9ilJqRTjUBO9t1BtoRVOQ/j/lcff7F0tSzxy3mxOAOe 0bm8Ox1n5POvMDNucytrGdopl+PPwewPZVtl5GjGXNsp9TsVm6Hdpl4xE3CyVyUI pdZStfiWWZ0Xz/LNAaErT7cORp5O/H0O9vtu2CYeQtH3w8k9ngPgBYkqbklJwpwA XwkmzeOYSdvTfmylsENhcWNjv58qprQFV6mMVwfZzPdj1Ik0dTlGIX7GYQoFjLhz oPk51/AjOrk8S66ySequSJto8Ngk8R5EsWABrw5ed5QjEJuictLUO1aLTBUqRVCB eOrkkiL2wPOVYfywqwzCpJovDcIvupiEdO2O0eJ9FGWbyQ2uasp5mMZXKblG8kjs 6BpqnRhjBBowCs8eOu6poDg/fm/OFrbiifY2inrr++TposIsiCriETrhVVZEqa9G XQE/4+Ujxenno2zYMSKq =beLf -----END PGP SIGNATURE-----

Andrew Lewman

1:44 p.m.

On Mon, 29 Jul 2013 15:00:05 +0200 Eugen Leitl eugen@leitl.org wrote:

...

Anyone knows whether a Nexus 4 baseband processor has r/w access to system memory?

How does this relate to tor development?

-- Andrew http://tpo.is/contact pgp 0x6B4D6475

Nathan Freitas

2:11 p.m.

On 07/29/2013 09:44 AM, Andrew Lewman wrote:

...

On Mon, 29 Jul 2013 15:00:05 +0200 Eugen Leitl eugen@leitl.org wrote:

...
...
Anyone knows whether a Nexus 4 baseband processor has r/w access to system memory?

How does this relate to tor development?

It is a bit of a tangent, but understanding new ways in which Tor running on a smartphone might be compromised could be useful.

Otherwise, happy to have the thread move here: https://lists.mayfirst.org/mailman/listinfo/guardian-dev

Eugen Leitl

2:24 p.m.

On Mon, Jul 29, 2013 at 09:44:52AM -0400, Andrew Lewman wrote:

...

On Mon, 29 Jul 2013 15:00:05 +0200 Eugen Leitl eugen@leitl.org wrote:

...
Anyone knows whether a Nexus 4 baseband processor has r/w access to system memory?

How does this relate to tor development?

In that Nexus 4 is the major supported platform for http://shadowdcatconsulting.com/ which comes with Orbot http://shadowdcatconsulting.com/apps/ and I know that tor-dev is read by people with clue, who ought to know the answer to my question and are interested in (semi-)trusted hardware for personal communication.

4119

Age (days ago)

4119

Last active (days ago)

tor-dev@lists.torproject.org

4 comments

3 participants

tags (0)

participants (3)

Andrew Lewman
Eugen Leitl
Nathan Freitas