
The Second Operating System Hiding In Every Mobile Phone

Soulskill posted about 10 months ago | from the spoiler:-it's-windows-ME dept.

Cellphones

Jah-Wren Ryel writes "Every smartphone or other device with mobile communications capability (e.g. 3G or LTE) actually runs not one, but two operating systems. Aside from the operating system that we as end-users see (Android, iOS, PalmOS), it also runs a small operating system that manages everything related to radio. So, we have a complete operating system, running on an ARM processor, without any exploit mitigation (or only very little of it), which automatically trusts every instruction, piece of code, or data it receives from the base station you're connected to. What could possibly go wrong?"


352 comments


depends... (1)

Anonymous Coward | about 10 months ago | (#45411589)

If you only use stuff for web browsing or emails over HTTPS - nothing. (Well, a remote probability of a warning that says that something actively intercepts SSL communication.) Also I am guessing that SIM card data may also become compromised.
For the rest of it - well... Intercepted phone calls/SMS, etc.

Those come to mind.

All the other OS, too. (4, Informative)

DrYak (748999) | about 10 months ago | (#45411783)

The situation isn't that much different from a desktop user connecting to the internet over a xDSL/Cable/whatever modem without first overwriting its firmware with a secure one (at least, with a modem, the user is the one uploading the firmware, and as most are Linux based, it's easy to have a more or less secure firmware. Unlike the GSM/GPRS/LTE chip which is handled by the service provider, though there exist ISP-remote-administered modems).

And with TFA's phone example, there's the OS running inside all the various relays (different machines inside the cell tower, router, service provider's main router/server, tons of other routers along the optical fiber road [including a few NSA listening stations, the moment this road crosses the North American continent], a group of mail servers receiving, storing and retrieving mail, then again a long chain of servers and routers [and another NSA listening station and/or FSB's or MSS's or ONYX's or ...] up to the recipient's service provider, then the user's home router [with the xDSL and the Wifi firmware as additional steps inside, not necessarily opensource, although some chip makers are helping a lot], and finally the recipient's tablet [+/- an additional closed firmware on that chip too]).

All these steps could corrupt (unintentionally) or tamper (on purpose) or listen [hello NSA], on anything that is sent in the clear.

Sending things on the internet is as secure as sending a post card, especially back when much more of the processing was handled manually. Except that the current equivalent of my example's post-office employees are much less moral. And except that the post office happens to have a weird guy who's obsessive-compulsive about xeroxing every single post-card he handles and storing it into a binder "just in case he needs to publicly embarrass someone in the future, and also to unmask communist conspiracies" whose name is either Ned S. Andale, or Feodor Stefanov Bakunine. Also except that there are at least 3 such guys in 99 out of 100 post offices.

Again the only way to trust your data is to practice end-to-end encryption. Encrypt it on your phone before sending it away. Decrypt it only on the receiving tablet.

An untrusted phone firmware is nothing new, and isn't much different from the trust in the OS running on another server along the transmission chain.
With one small difference: when you remove the battery of a phone everything is shut off, your Android running on your big octa-core big.LITTLE ARM CPU, but also the proprietary real-time system running inside the small ARM core inside the radio chip (that in practice functions as if owned by the phone company whose SIM is inserted).
Whereas you can't just walk out and pull the cable of the NSA/FSB/whatever listening station in the middle of somewhere in the USA.
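The end-to-end advice in the comment above, worked as an added example (not code from the article or from the commenter): the phone seals each message with AES-256-GCM under a key that only the phone and the tablet hold, the sealed bytes pass through a chain of untrusted hops modelled as plain functions, and the tablet accepts only what still authenticates. The shared key, the header, the message text and the hop functions are constructed for the example; it assumes the key was exchanged out of band and does nothing about key management beyond that, and uses a fresh random 96-bit nonce per message.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Key shared by the two endpoints only. Assumed to have been exchanged out of
// band (e.g. in person); the value is a constructed sample, not a real secret.
var sharedKey = sha256.Sum256([]byte("constructed-example-shared-secret"))

// relay models one untrusted hop (baseband, tower, carrier, router, mail
// server, home router, ...). It sees every byte and may modify them.
type relay func(msg []byte) []byte

// honestRelay forwards the message unchanged.
func honestRelay(msg []byte) []byte { return msg }

// tamperingRelay flips one bit of the last byte, as a corrupting or
// tampering hop would. The change lands inside the authenticated part.
func tamperingRelay(msg []byte) []byte {
	out := append([]byte(nil), msg...)
	out[len(out)-1] ^= 0x01
	return out
}

func newAEAD(key *[32]byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal runs on the sending phone: it encrypts and authenticates plaintext
// with AES-256-GCM. header is authenticated but not encrypted (associated
// data), so a relay can route on it but cannot alter it unnoticed.
// Wire format: nonce || ciphertext || tag.
func seal(key *[32]byte, header, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, header), nil
}

// open runs on the receiving tablet: it checks the tag and only then
// decrypts. Any bit changed in transit, in the header or the body, fails.
func open(key *[32]byte, header, msg []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(msg) < ns+aead.Overhead() {
		return nil, errors.New("message too short to be authentic")
	}
	return aead.Open(nil, msg[:ns], msg[ns:], header)
}

// sendThrough seals a message on the phone, passes it along the hops, and
// returns what the tablet recovers, or an error if authentication fails.
func sendThrough(header, plaintext []byte, hops []relay) ([]byte, error) {
	msg, err := seal(&sharedKey, header, plaintext)
	if err != nil {
		return nil, err
	}
	for _, hop := range hops {
		msg = hop(msg)
	}
	return open(&sharedKey, header, msg)
}

func main() {
	hdr := []byte("from:phone to:tablet")              // constructed sample header
	pt := []byte("meet at 10, bring the documents")    // constructed sample message

	got, err := sendThrough(hdr, pt, []relay{honestRelay, honestRelay, honestRelay})
	fmt.Printf("honest chain:  %q err=%v\n", got, err)

	_, err = sendThrough(hdr, pt, []relay{honestRelay, tamperingRelay, honestRelay})
	fmt.Printf("tampering hop: err=%v\n", err)
}
```

Run it with `go run`: the honest chain returns the plaintext, the chain with one tampering hop fails authentication before any plaintext is produced, and a receiver presented with a changed header (the part a relay can read) rejects the message the same way. Nothing about the hops' firmware, trusted or not, changes the outcome, which is the point of doing the cryptography at the endpoints rather than hoping every hop is honest.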

Re:All the other OS, too. (2)

faffod (905810) | about 10 months ago | (#45411855)

Don't get nostalgic about the old manual days where an employee might have a chance to glance at your postcard. These days the post-office (and by extension every branch of government that wants to) memorizes each and every post card you receive. http://www.techdirt.com/articles/20130703/12551523709/old-school-metadata-still-being-harvested-usps-turned-over-to-law-enforcementsecurity-agencies-request.shtml [techdirt.com]

Re:All the other OS, too. (5, Interesting)

georgeb (472989) | about 10 months ago | (#45411859)

I think you misread what the author is saying. The problem is not the fact that communications originating from your phone are potentially insecure (the situation you're trying to compare with the DSL modem and the myriad routers). The problem is that, the author alleges, the smartphones are primarily controlled by the baseband processor firmware; according to the author this piece of code is the governor of everything that happens on your phone. That means, with the appropriate base station changes, anyone can access your phone while it is sitting in your pocket, can activate the cam, the microphone, can access the contents of its memory card, etc.

I do not fully trust the author because as far as I understand the baseband processor is supposed to control only the radio and nothing else. That means wifi, gsm and bluetooth. I don't understand why the baseband would have to deal with anything else, and why it would be the master processor and not just a blackbox "device" that the main OS sees and communicates with, in a properly isolated fashion. But then again I'm not knowledgeable enough to be certain about any of this.

If the article is correct then this is one of the scariest things I've read in a long time.

Firmware (5, Informative)

Anonymous Coward | about 10 months ago | (#45411603)

In the real world, this is called Firmware.

Re:Firmware (1)

Larzdk (3107095) | about 10 months ago | (#45411623)

It actually says so in the article.. "This operating system is stored in firmware"

Re:Firmware (3, Informative)

dos1 (2950945) | about 10 months ago | (#45411815)

It's not "stored in firmware". The described OS *is* a firmware.

Re:Firmware (1)

aliquis (678370) | about 10 months ago | (#45411629)

In the real world it's called magic.

Re:Firmware (4, Funny)

emj (15659) | about 10 months ago | (#45411699)

Yeah kind of makes all of those hand waving sci-fi hacking tools look plausible.

A secure computer is a computer without power, network and Qualcomm baseband chips.

Re:Firmware (0)

SomeoneFromBelgium (3420851) | about 10 months ago | (#45411681)

Oh, it's firmware. That's a relief. Firmware sounds reassuring, right?? But firmware gets copied to RAM. And can be exploited just like any other software. Of course the alarmist "OMG look what I found here" tone of the article is not conducive to it being taken seriously, but the threat is still there...

Re:Firmware (1)

fisted (2295862) | about 10 months ago | (#45411725)

But firmware gets copied to ram.

What? One of the last MCUs I worked with didn't have any RAM whatsoever, just saying. Of the numerous others which had RAM, none would 'copy code there' in x86-fashion.

Re:Firmware (1)

ebno-10db (1459097) | about 10 months ago | (#45412157)

You're talking about mighty slow processors, even by embedded standards (where you don't have $50 and 10W to run the GUI for some stupid game). Flash access is slow. I know execution direct from Flash is used for some basic 8-bit, and maybe low-end 16-bit parts, but I can't remember the last time I used something that didn't start by copying the Flash code to RAM. In fact, serial Flash is quite common for storing code.

Re:Firmware (0)

Anonymous Coward | about 10 months ago | (#45411765)

But firmware gets copied to ram.

Not necessarily.

Some simple devices even do not have RAM: the software is in ROM and the data is in the registers.

It is also possible that the software stays in ROM and that only the data is in RAM.

Copying the ROM into RAM is usually done for speed purposes.

In case of cell phones, I don't know if the firmware gets copied to RAM, but you cannot just assume it like that.

Re:Firmware (1)

gl4ss (559668) | about 10 months ago | (#45411779)

sure it gets if it's a single chip, single core arm core system... of smartphones I dunno if there's been any of those since symbians(on which you could do it, saved nokia a bundle).

not so sure where they got the "trusts everything from the network", I guess to make the article more jizzy.

maybe next week an article about exploitable dac(in theory).

Conspiracy (4, Funny)

BreakBad (2955249) | about 10 months ago | (#45411621)

Everyone thinks a virus will cause the Zombie Apocalypse, when in truth it will be a broadcast of "Never gonna let you down" on infinite loop. Rick is Chinese...didn't you know? The same people who make these 'Cell' phones. Cell.....terrorist cells! OMG it all makes sense now.

Re:Conspiracy (2)

SomeoneFromBelgium (3420851) | about 10 months ago | (#45411635)

Everyone thinks a virus will cause the Zombie Apocalypse, when in truth it will be a broadcast of "Never gonna let you down" on infinite loop.

Which is actually worse.

Re:Conspiracy (1)

GrumpySteen (1250194) | about 10 months ago | (#45411669)

Everyone thinks a virus will cause the Zombie Apocalypse

You're out of date. We've moved on to the idea that it will be a fungus from the Cordyceps [wikipedia.org] genus.

Re:Conspiracy (0)

Anonymous Coward | about 10 months ago | (#45411989)

Warning: Your brain has been hacked by psiko loozers. Please initiate neuron wipe process immediately and reinstall personality from scratch. Thank you for your cooperation, netizen!

Risk Mitigation (1, Insightful)

LF11 (18760) | about 10 months ago | (#45411641)

So this basically means that even if the NSA is *NOT* spying on everyone's personal lives by surreptitiously turning on our cameras and microphones, then some 2-bit drug cartel with a couple crackers and an eBay account can? No thanks.

In my house, we are putting in a charging station by the front door, where we will leave all phones. Guests will be cordially invited to leave their cell phones at the door, feel free to pick up a free charge for the ride home.

In the words of a Google employee, "Fuck these guys."

Re:Risk Mitigation (2, Insightful)

Anonymous Coward | about 10 months ago | (#45411697)

What.

Re:Risk Mitigation (0)

Anonymous Coward | about 10 months ago | (#45411711)

My thought as well... that whole post makes no sense.

Re:Risk Mitigation (1)

atom1c (2868995) | about 10 months ago | (#45411769)

The same firmware concept applies to everything electronic.

Good luck with that!

Re:Risk Mitigation (1)

LF11 (18760) | about 10 months ago | (#45411985)

It does apply to everything electronic, but not everything has camera AND microphone AND gps AND permanent attachment to the Internet. The only other electronics I would be concerned about would be tablets and possibly laptops (might end up with charging stations for those, too).

Can you think of anything else that should be isolated? WiFi-enabled LED lights and WiFi access points are potential contenders, but I am choosing not to worry about those until actual evidence of their exploitation pops up.

Re:Risk Mitigation (1)

jalopezp (2622345) | about 10 months ago | (#45412071)

Not everything electronic has a microphone and a camera and your access details for online banking. Personally, I would not be enormously concerned if anyone was trying to access my toaster, but mobile phones are a little more sensitive.

Re:Risk Mitigation (1)

Anonymous Coward | about 10 months ago | (#45411777)

Really, how paranoid can you get? The radio is there to move data. It kinda HAS to trust the base tower it's communicating with. The system won't work if it doesn't. Yeah, you can imagine all kinds of secure ways to ensure you are talking with a legal base station, but in the end you can't trust those either, because the evil government can just ask the operator to give them everything related to you. Criminals running a cell tower? Heh, I guess it's possible in theory. In practice it's damn amazing even the current ones work as well as they do. Also, it's the radio, it doesn't have access to your phone's data or mic or camera. Will be way easier and cheaper to bug your house than to use the modem to break in to your phone. Going through the radio part is like breaking into a house through the hole where cables go in, while the front door is open, or made of thin paper (you know, the main processor, running iOS, android, or whatever).

Re:Risk Mitigation (1)

ebno-10db (1459097) | about 10 months ago | (#45411873)

I don't think they're talking about security from the government, because you're right. They can get into the base stations because the carriers are in bed with them. Private efforts might be another story. It does seem like a roundabout and unlikely vector to get to anything useful though, like the data on your cell phone. Possible (though not necessarily likely) reasons for private parties to monitor some of your over-the-air stuff? Put a spoof base station near Wall Street and listen in. That info would be worth a fortune. Even the possibility of doing that though depends heavily on the security of the over-the-air protocols, which I'm not familiar with at any layer above the MAC and Phy.

Re:Risk Mitigation (1)

alen (225700) | about 10 months ago | (#45412041)

yes, I'm sure you can install a cell tower on any building in NYC and no one will notice. not even the building management

Re:Risk Mitigation (1)

ebno-10db (1459097) | about 10 months ago | (#45412187)

Put it in an office, and leave the antenna behind the curtains. Base stations aren't that big or power hungry these days. I'm not saying this is likely, but it is possible.

Re:Risk Mitigation (1)

LF11 (18760) | about 10 months ago | (#45412079)

The problem is if the firmware can be hacked over-the-air to turn on the microphone and camera at will. Is this possible? I have always assumed not. However, if the firmware is plagued with security holes, it becomes rather more likely that it is possible.

Google, of course, makes this extremely difficult to do through Android. They do not control the underlying firmware, however.

Re:Risk Mitigation (1)

mrchaotica (681592) | about 10 months ago | (#45412265)

I couldn't care less whether I can "trust" the cell tower. What I care about is ensuring that the code running on the radio's processor can't eavesdrop on the code that's running on the phone's main processor (or any of the other devices attached to it).

Re:Risk Mitigation (0, Flamebait)

onyxruby (118189) | about 10 months ago | (#45411799)

In your house do you also provide the tinfoil hats when you drop off the cell phones? You could have a nice little rack setup with tinfoil hats on the bottom and chargers on the bottom. Of course your guests have to trust /you/ not to have chargers that tap their cell phones while they are in use. So many trust issues and so many conspiracies, where do you begin?

Re:Risk Mitigation (1)

ebno-10db (1459097) | about 10 months ago | (#45411889)

Physical security of your cell is important too, lest the Mossad put a bomb in it.

Re:Risk Mitigation (1)

LF11 (18760) | about 10 months ago | (#45412019)

While true, I am rather less concerned about that.

Although, now that you mention it, I wonder if the firmware could be hacked so as to cause a fault in the battery and cause it to catch fire or explode?

Re:Risk Mitigation (0)

Anonymous Coward | about 10 months ago | (#45412137)

the firmware could be hacked so as to cause a fault in the battery and cause it to catch fire

No ...

Well, not until I get the one last bug out of the required hack.

----

I can't find the "Post Humously" tickbox

Re:Risk Mitigation (1)

ebno-10db (1459097) | about 10 months ago | (#45412205)

Good point. Some lithium battery chemistries seem to eliminate the need for separate explosives.

Re:Risk Mitigation (1)

Lothsahn (221388) | about 10 months ago | (#45411903)

We're getting to the point that, if given the choice between a random stranger and the NSA, I'd trust the stranger more.

Re:Risk Mitigation (1)

LF11 (18760) | about 10 months ago | (#45412015)

I already do. For one, most strangers are honest, law-abiding people.

Re:Risk Mitigation (1)

ebno-10db (1459097) | about 10 months ago | (#45412221)

Considering the way the law is interpreted these days, honest is the far more important criterion.

And what makes you think (1)

Marrow (195242) | about 10 months ago | (#45412217)

that any of those strangers are "random". :)

Re:Risk Mitigation (0)

Anonymous Coward | about 10 months ago | (#45412223)

We're getting to the point that, if given the choice between a random stranger and the NSA, I'd trust the stranger more.

How do you know he is not from NSA?

Re:Risk Mitigation (1)

LF11 (18760) | about 10 months ago | (#45412007)

No, but I provide aluminum foil if anyone wants to make their own.

I am thinking to frame this as an etiquette issue. We take our shoes off at the door to avoid tracking dirt and the occasional dogshit through the house. Similarly, we leave our cellphones at the door so as to more fully engage with each other in the tranquility of a peaceful home ... and leave the spy shit at the door.

Re:Risk Mitigation (0)

Anonymous Coward | about 10 months ago | (#45412307)

Guests will be cordially invited to leave their cell phones at the door,

You know, if you were more engaging/entertaining, you wouldn't have to resort to such actions. I'm far from top-shelf entertainment but I have ZERO problems with folks using their phones when visiting.

So, whats next on your list... putting up a Faraday cage inside the walls of the house? Since the Jedi Force isn't real... how about mandatory drugging of visitors so they have less wants and make them malleable and open to suggestion.

From your post, I'm pretty sure I can put the finger on WHY you need to confiscate people's phones, and it isn't about privacy.... ummm, unless your visitors are part of your perpetual BDSM orgy... hmmmm... maybe I know why my parties are better now.

Old silent SIM firmware (3, Interesting)

pieterh (196118) | about 10 months ago | (#45411643)

The SIM firmware runs silently and in the background and by some reports, even when the phone is switched off, it continues to slowly ping cell towers, making your phone trackable unless you remove the battery.

Re:Old silent SIM firmware (1, Interesting)

Anonymous Coward | about 10 months ago | (#45411677)

That is why it is getting increasingly tough to find a phone with a replaceable battery.

Re:Old silent SIM firmware (1, Informative)

DeathToBill (601486) | about 10 months ago | (#45411835)

Or, you could buy something other than an iPhone.

Re:Old silent SIM firmware (1)

Anonymous Coward | about 10 months ago | (#45412075)

Or, you could buy something other than an iPhone.

s/iPhone/iPhone or Windows Phone or increasing number of Android phones

Re:Old silent SIM firmware (0)

Anonymous Coward | about 10 months ago | (#45412081)

Yeah, Samsung is a pretty obscure company. Their market share of phones has declined to what, about 70% now?

Re:Old silent SIM firmware (1)

tgd (2822) | about 10 months ago | (#45412129)

That is why it is getting increasingly tough to find a phone with a replaceable battery.

Or people just like the aesthetics of a phone without a battery cover.

But by all means, tinfoil on.

Re:Old silent SIM firmware (0)

Anonymous Coward | about 10 months ago | (#45412309)

Which is why you Faraday cage it when not using it.

Re:Old silent SIM firmware (2, Interesting)

Anonymous Coward | about 10 months ago | (#45411683)

Surely a well designed chip can use the power of the radiowaves already in the air, negating the need for a battery...

Re:Old silent SIM firmware (3, Informative)

dotancohen (1015143) | about 10 months ago | (#45411747)

Surely a well designed chip can use the power of the radiowaves already in the air, negating the need for a battery...

That is exactly how RFID works. However, RFID fields are much stronger and the receiver is much closer.

The phone could probably use the power of the radiowaves in the air to do very low power things like perhaps change an e-ink display slightly. There is no way that there is enough energy to actually transmit a signal hundreds of meters.

Re:Old silent SIM firmware (1)

wonkey_monkey (2592601) | about 10 months ago | (#45411795)

The phone could probably use the power of the radiowaves in the air to do very low power things like perhaps change an e-ink display slightly.

Wouldn't it be better to power it from ambient light (which was enough to power my calculator 20 years ago, and if there is no light there's no need to change the e-ink display ;) ) or motion?

Shake it to wake it!

Re:Old silent SIM firmware (2)

ebno-10db (1459097) | about 10 months ago | (#45411909)

Shake it to wake it!

It would be especially interesting with women who keep their cell in their bras (a not uncommon practice).

Re:Old silent SIM firmware (1)

Shadowmist (57488) | about 10 months ago | (#45412039)

The phone could probably use the power of the radiowaves in the air to do very low power things like perhaps change an e-ink display slightly.

Wouldn't it be better to power it from ambient light (which was enough to power my calculator 20 years ago, and if there is no light there's no need to change the e-ink display ;) ) or motion?

Shake it to wake it!

How much ambient power did your cheap solar calculator generate when it was stuffed inside your pocket?

Re:Old silent SIM firmware (2)

fisted (2295862) | about 10 months ago | (#45411763)

Surely not, as there isn't much energy to harvest in the first place. You'd need way more to create a signal strong enough to be picked up by the tower, so either you have your tower very close, or your idea is moot.

Re:Old silent SIM firmware (1)

Gramie2 (411713) | about 10 months ago | (#45412099)

For over a hundred years, people have been using the power of radio waves to generate enough electricity to operate a radio [wikipedia.org] with earphones.

Re:Old silent SIM firmware (0)

Anonymous Coward | about 10 months ago | (#45411731)

Citation needed.

Re:Old silent SIM firmware (0)

zaax (637433) | about 10 months ago | (#45411737)

Nope off is off - at least on my android.
Who told you that one?

Bullshit (1)

Anonymous Coward | about 10 months ago | (#45411869)

I think the IATA would have had something to say if that were really the case.

Re:Old silent SIM firmware (0)

Anonymous Coward | about 10 months ago | (#45411885)

The SIM firmware runs silently and in the background and by some reports, even when the phone is switched off

Only with apple iCrap devices - you can't really turn them off.

And this isn't new, it has been that way since the first iphone.

Re:Old silent SIM firmware (0, Flamebait)

Shadowmist (57488) | about 10 months ago | (#45412021)

The SIM firmware runs silently and in the background and by some reports, even when the phone is switched off, it continues to slowly ping cell towers, making your phone trackable unless you remove the battery.

There's no paranoia like Geek paranoia, which daily provides living examples of just how dangerous having just a little knowledge can be. You don't need to be paranoid about the radio in your cellphone. Yes, your cellphone is trackable. IT HAS TO BE FOR THE THING TO WORK. I don't worry about who can track my phone when it's turned off, because I, like most people who have ditched landlines, don't turn it off. The whole point of having a phone is to be reachable by the folks who need to contact you and for you to reach those you need to contact. There's no point going overboard in tracking the hardware because if you're that clandestine, you're just buying a brace of disposables and chucking them regularly as an operating expense. Or not using them at all. There's a lot of easier ways to track you by the incessant data trail you leave by your phone calls, your email, and your incessant tweeting about how paranoid you are about THEM finding you. You want to be untrackable... go chuck ALL of your communication gear... including your WIFI equipped laptop and go live in a cave somewhere.

Re:Old silent SIM firmware (2)

ruir (2709173) | about 10 months ago | (#45412227)

Low tech solution, leave phone at home?

Re:Old silent SIM firmware (1)

mrchaotica (681592) | about 10 months ago | (#45412313)

If you're really worried about that, wouldn't a good workaround be to carry a faraday cage with you? For example, an opaque anti-static bag would be helpful (at least according to some random blog post I just read).

WHICH IS WHAT I SAY OF PROCTOLOGISTS !! (-1)

Anonymous Coward | about 10 months ago | (#45411673)

Who knows where those fingers have been ?? And why use more than one ?? Questions that need investigating !! Which reminds me of the first South Park !! Spoiler. The OS running the radio was alien !! Ergo: Beware all OSes running up in your ass !!

1+1+1=3 3!=2 (0)

Anonymous Coward | about 10 months ago | (#45411685)

*cough* java on the SIM *cough*

Only a few hundred thousand people know this.... maybe, "unknown by the majority" ain't "secret".

News at 9 - evolution isn't horizontal (sigh)

MCUs run firmware (2)

fisted (2295862) | about 10 months ago | (#45411687)

News at 11.

Re:MCUs run firmware (3, Insightful)

rasmusbr (2186518) | about 10 months ago | (#45411775)

Yeah, I'm surprised anyone thinks this is news. It's been like this since the days of the grayscale Nokia phones. A phone that is turned off can still be located by the cell towers and it can in some cases be remotely turned on and used as a listening device. Back then security experts advised to remove the battery before you discussed secrets in a corporate or government setting, in order to avoid falling victim to espionage.

I guess it's just not very practical to follow that advice. Some government agencies and some corporations have probably installed jammers or shielding around certain meeting rooms in order to keep top meetings secure.

Re:MCUs run firmware (1)

Dcnjoe60 (682885) | about 10 months ago | (#45411913)

Yeah, I'm surprised anyone thinks this is news. It's been like this since the days of the grayscale Nokia phones. A phone that is turned off can still be located by the cell towers and it can in some cases be remotely turned on and used as a listening device. Back then security experts advised to remove the battery before you discussed secrets in a corporate or government setting, in order to avoid falling victim to espionage.

I guess it's just not very practical to follow that advice. Some government agencies and some corporations have probably installed jammers or shielding around certain meeting rooms in order to keep top meetings secure.

Probably because some very popular phones make it impossible to remove the batteries.

Re:MCUs run firmware (1)

drinkypoo (153816) | about 10 months ago | (#45412229)

Probably because some very popular phones make it impossible to remove the batteries.

Luckily, they still fit in a mylar bag.

Re:MCUs run firmware (2)

ebno-10db (1459097) | about 10 months ago | (#45411945)

Some government agencies and some corporations have probably installed jammers or shielding around certain meeting rooms in order to keep top meetings secure.

In labs where classified government work is done (not necessarily very high level classification either) you're often required to put your cell in a box or something outside the lab before you enter. You don't have to turn it off, which makes it fun to figure out whose cell is ringing when you have a whole basket of them.

Re:MCUs run firmware (0)

Anonymous Coward | about 10 months ago | (#45412273)

In labs where classified government work is done (not necessarily very high level classification either) you're often required to put your cell in a box or something outside the lab before you enter. You don't have to turn it off, which makes it fun to figure out whose cell is ringing when you have a whole basket of them.

1. Who is answering their phone when it is in a box outside the lab?
2. Ringtones.

Re:MCUs run firmware (1)

updatelee (244571) | about 10 months ago | (#45411929)

I agree, not exactly breaking news, it should be common knowledge. Lots of devices run like this, including your PC. Tons of devices inside and outside your computer use firmware.

UDL

Idiotic article (1, Interesting)

Anonymous Coward | about 10 months ago | (#45411691)

I run an aftermarket radio on my Nexus 4 that enables LTE.

It's not a separate operating system. It is the definitions for the SDR ASIC in the phone. It is not part of the main ARM processor - its memory is just mapped through it to facilitate programming.

What the hell is wrong with Slashdot these past few years? It seems that ever since the dice buyout the place has just gone in the shitter.

Re:Idiotic article (2)

ebno-10db (1459097) | about 10 months ago | (#45411819)

It's not a separate operating system. ... It is not part of the main ARM processor

"It is not part of the main ARM processor" means it's a separate processor, which is correct, and it does run a separate OS (RTOS really).

It is the definitions for the SDR ASIC in the phone.

If it's SDR, then it must be running on a processor. In practice, it's a mix of hardware and software implementation. For example, despreading CDMA signals is easy to do in hardware, and a complete waste of a processor's power in software. There are probably also one or more DSPs buried in there somewhere. Despite some extensions for light-duty stuff, ARM is not a good choice for DSP.

Re:Idiotic article (1)

jonwil (467024) | about 10 months ago | (#45411919)

BZZT WRONG. I have seen the Nexus 4 hardware and I know for a fact that it does contain a separate CPU for the baseband.

Re:Idiotic article (1)

Shadowmist (57488) | about 10 months ago | (#45412065)

I run an aftermarket radio on my Nexus 4 that enables LTE.

It's not a separate operating system. It is the definitions for the SDR ASIC in the phone. It is not part of the main ARM processor - its memory is just mapped through it to facilitate programming.

What the hell is wrong with Slashdot these past few years? It seems that ever since the dice buyout the place has just gone in the shitter.

The place was going downhill long before then. It's like anything that's open to the general public. There's always someone who thinks he can garner 15 seconds of Internet fame by posting to geek paranoia.

The less it has to do, the safer it is. (1)

Anonymous Coward | about 10 months ago | (#45411705)

Because it's harder to exploit.

Did you know that inside EVERY SINGLE electronic circuit is an "OS" that is trusted for EVERYTHING? It's called "the laws of physics". If that circuit gets a signal to switch on, EVEN FROM A MALWARE AUTHOR, *it will switch*.

Worse, there's absolutely NO WAY to remove it!

QUICK! HIDE FROM THE PAEDO TAKING OVER YOUR COMPUTER!!!!

Re:The less it has to do, the safer it is. (1)

Dcnjoe60 (682885) | about 10 months ago | (#45411895)

Because it's harder to exploit.

Did you know that inside EVERY SINGLE electronic circuit is an "OS" that is trusted for EVERYTHING? It's called "the laws of physics". If that circuit gets a signal to switch on, EVEN FROM A MALWARE AUTHOR, *it will switch*.

Worse, there's absolutely NO WAY to remove it!

QUICK! HIDE FROM THE PAEDO TAKING OVER YOUR COMPUTER!!!!

It doesn't even need a malware author. A stray electronic field is usually enough to flip the switch on or off or more likely completely burn it out.

Over-the-air Security Protocols (1)

ebno-10db (1459097) | about 10 months ago | (#45411743)

It doesn't matter if the RTOS and other firmware are secure if you don't have good security in the over-the-air protocols. That's the vector that would be used to get to this, assuming you have decent security on the host processor (or whatever you want to call the thing that runs stupid games). Some time ago I worked on 3G and LTE phy layer stuff, but don't recollect much about the higher layer protocols. Anyone know what sort of security they have?

Excessive Peer Review is Anti-Capitalist (2, Interesting)

atom1c (2868995) | about 10 months ago | (#45411749)

From the original article, the author (Thom, whom I recognize for his efforts) introduces the topic of peer-reviewing every minutia of the devices we use; he laments the absence of peer review in proprietary and closed-source software. As an open-source advocate, such a viewpoint is naturally expected, and his shining a light on the subject is always appreciated. [But how does he know? Wouldn't technology companies use security consultants to conduct security audits?]

However, applying the same lines of argument to every closed-source scenario is really preaching anti-capitalism. That means they're arguing against trust of the technology creator, against their desire for trust-based compensation, against the notion of making a dollar in order to spend a dollar (due to constant disclosure of all things 'private'), and against the underlying notion of privacy. Actually, scratch that... they're simply hypocrites.

Why? Because they advocate disclosure (anti-privacy) by others, thus not trusting others. However, they want personal privacy in the hopes of establishing a reputation for being trustworthy -- or are they advocating an ultra-liberal utopia where commerce is not based on property but instead based on a crafted perception of trust? Either way, that's hypocritical behavior! If everything becomes subject to peer-review, then the notion of trust vaporizes... and in the process, privacy is gradually lost... and both factors lead to an erosion of aspects of capitalism.

TL;DR -- Peer-review everything means trusting nothing, disclosure of everything, and loss of privacy... yet it's hypocritical since the advocates seek to maintain anonymity when applying the same frustrations against capitalism as they do against trust-based commerce.

Re:Excessive Peer Review is Anti-Capitalist (1)

wonkey_monkey (2592601) | about 10 months ago | (#45411791)

TL;DR -- Peer-review everything means trusting nothing, disclosure of everything, and loss of privacy...

Your TL;DR needs a TL;DR.

Re:Excessive Peer Review is Anti-Capitalist (2)

Punko (784684) | about 10 months ago | (#45411831)

Sorry Sunshine, you're mixing apples and oranges. He's advocating peer review for technologies to be widely used and trusted by people. He's advocating privacy and anonymity for people. You are trying to say that the tools we use to privately communicate should be trusted, because the corporate bodies that make them deserve to be trusted. People have the right to private communication, with the exception of pre-authorized, court-sponsored evidence gathering. People are allowed to be anonymous. We do not have to carry papers when we travel locally/internally. We are free to associate. I do not have to trust the software you have installed on a device that I own. I certainly do not have to give up my rights to grant rights where they do not belong.

Not a bug but a feature (0)

Anonymous Coward | about 10 months ago | (#45411789)

It's important that the NSA be able to hack everyone's phone. It is well known that each and every NSA contractor or employee is extremely honest, while normal citizens are all wannabe criminals who must be monitored 24 hours a day.

SPY Sapping my Smartphone! (0)

Anonymous Coward | about 10 months ago | (#45411837)

"Naturally.... what did you expect?"
"Well off to visit your mother!"

What can go wrong? (1)

Murdoch5 (1563847) | about 10 months ago | (#45411843)

Assuming the embedded developers are skilled and can craft excellent low-level software in ASM and C, then very little. If we assume they threw some co-ops on the job with some cocky young programmers and they used object-oriented languages, then a hell of a lot. However, I feel pretty confident that the code is pretty low level, because having done radio programming, you generally need to work at the architecture level and not abstracted by 10 levels. Of course the other option is that it's all VHDL / Verilog, in which case I trust it almost completely, because anyone skilled enough to do hardware design in VHDL / Verilog is going to be pretty hardcore.

Re:What can go wrong? (1)

ebno-10db (1459097) | about 10 months ago | (#45412085)

Assuming the embedded developers are skilled and can craft excellent low level software in ASM and C then very little.

Hell of an assumption, and yes, I've written low-level embedded code for stuff like this. I don't know how realistic this attack vector is (I worked on MAC/Phy stuff, and don't know the security arrangements of the higher layers), but it's incorrect to assume that otherwise good quality code is secure. Even top-notch coders make mistakes in things that are designed to be highly secure (e.g. SSH), and the sort of stuff being discussed is often designed with little thought to security. Whether it's realistically necessary to change that, I don't know. People here have advocated network security for CAN busses. Yeah, right guys, an ABS system has time to authenticate before deciding to stop your car. The problem is that non-embedded people think every 2-bit embedded processor should have software and security like a web server. Sometimes things like physical security are what you need.

Of course the other option is that it's all VHDL / Verilog in which case I trust it almost completely because anyone skilled enough to do hardware design in VHDL / Verilog is going to be pretty hardcore.

Doing that sort of logic design well requires skill, but don't be overly impressed by it. I've done lots of VHDL design and my wife tells myself Im nots no genyus.

Why stop there? (1, Funny)

Dcnjoe60 (682885) | about 10 months ago | (#45411879)

Why stop there? Every cell phone also runs on an operating system called QM (quantum mechanics). Hack that and you can make the phone do all sorts of really cool things.

Re:Why stop there? (2)

Anon, Not Coward D (2797805) | about 10 months ago | (#45411981)

but if someone devises an exploit for QM, the phone will be compromised and not... at the same time

Re:Why stop there? (0)

Anonymous Coward | about 10 months ago | (#45412303)

Schrodinger's Kitkat?

Baseband processors (1)

benjfowler (239527) | about 10 months ago | (#45411969)

I learnt recently that these baseband processors are controlled over a serial connection, and talk old-school Hayes AT commands.

So if this is true, then it should be reasonably easy for hobbyists to buy baseband processors off the shelf and interface them to microcontrollers or Arduino or whatever fairly easily, and get instant Wi-Fi/Bluetooth/cellular data support?

Re:Baseband processors (1)

tgd (2822) | about 10 months ago | (#45412153)

I learnt recently that these baseband processors are controlled over a serial connection, and talk old-school Hayes AT commands.

So if this is true, then it should be reasonably easy for hobbyists to buy baseband processors off the shelf and interface them to microcontrollers or Arduino or whatever fairly easily, and get instant Wi-Fi/Bluetooth/cellular data support?

Yes, and pretty much every site that sells Arduinos and other microcontrollers sells them.

Have you never actually looked? Do a search on "GSM" on any of those sites, there's a zillion modules with various GSM chipsets. Trivial to make calls, handle data, send/receive SMS, etc ...

Re:Baseband processors (1)

ebno-10db (1459097) | about 10 months ago | (#45412283)

I know you can buy modules like that for embedded designs. I don't know where a hobbyist can get something with a power supply and an RS-232 port, but I find it hard to believe that nobody makes it. As long as all the wireless protocol stuff is in the module, it should be possible to get a cert.
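The AT-command control path discussed in this thread, as an added example that is not code from the thread or from any module vendor: a small Python client that sends one command, collects the modem's information responses until its final result code (OK, ERROR, +CME ERROR), sets aside unsolicited result codes such as +CMTI that the module can emit at any time, and refuses commands containing CR/LF so that a caller-supplied string (a dial string, an SMS reply address) cannot terminate the command and smuggle in a second one. It talks to a scripted FakeModem standing in for the serial port; the module's responses, the phone number and the SMS text are constructed for the example, and the client assumes echo is off (ATE0) and text-mode SMS (AT+CMGF=1). Against real hardware you would pass a pyserial serial.Serial object, which has the same write/readline methods, in place of FakeModem.

```python
"""AT-command client for a serial-attached baseband module, driven here by a scripted fake modem.

Added example, not from the thread. Assumes echo off (ATE0) and text-mode SMS (AT+CMGF=1);
the FakeModem script, phone number and SMS body are constructed for this demo.
"""
import re
from collections import namedtuple

MAX_LINE = 512  # assumption: longest single line we will accept from the modem
FINAL_ERR = ("ERROR", "+CME ERROR:", "+CMS ERROR:", "NO CARRIER", "BUSY")
URC_PREFIXES = ("+CMTI:", "+CMT:", "RING", "+CLIP:")  # unsolicited result codes we expect
ATResponse = namedtuple("ATResponse", "ok info error")


class FakeModem:
    """Stand-in for a pyserial port (write/readline); answers come from a constructed script."""

    def __init__(self):
        self._rx = b""
        self._script = {
            b"AT": [b"OK"],
            b"AT+CSQ": [b"+CSQ: 21,99", b"OK"],
            b"AT+CMGF=1": [b"OK"],
            b'AT+CMGL="ALL"': [b'+CMGL: 1,"REC UNREAD","+15551234567",,"13/11/12,10:03:15+00"',
                               b"Hello from the network",  # SMS body: chosen by the sender
                               b"OK"],
            b"AT+BOGUS": [b"+CME ERROR: 4"],
        }
        self._pending_urc = [b'+CMTI: "SM",2']  # delivered ahead of the next response

    def write(self, data):
        lines = self._pending_urc[:1] + self._script.get(data.strip(), [b"ERROR"])
        self._pending_urc = self._pending_urc[1:]
        self._rx += b"".join(b"\r\n" + ln + b"\r\n" for ln in lines)

    def readline(self):
        end = self._rx.find(b"\n") + 1
        line, self._rx = (self._rx, b"") if end == 0 else (self._rx[:end], self._rx[end:])
        return line


class ATClient:
    def __init__(self, port, max_lines=200):
        self.port, self.max_lines = port, max_lines  # max_lines bounds one command's reply
        self.unsolicited = []  # URCs that arrived while waiting for a final result code

    def command(self, cmd):
        # Reject CR/LF and non-printables: a number or address taken from untrusted input
        # must not be able to end this command and start another one on the same line.
        if len(cmd) > 256 or not all(32 <= ord(ch) < 127 for ch in cmd):
            raise ValueError("illegal character or length in AT command")
        self.port.write(cmd.encode("ascii") + b"\r")
        info = []
        for _ in range(self.max_lines):
            raw = self.port.readline()
            if raw == b"":
                raise TimeoutError("modem sent no final result code")
            if len(raw) > MAX_LINE:
                raise ValueError("oversized line from modem")
            line = raw.decode("ascii", errors="replace").strip()
            if not line or line == cmd:  # framing blank, or echo if ATE0 was not honoured
                continue
            if line == "OK":
                return ATResponse(True, info, None)
            if line.startswith(FINAL_ERR):
                return ATResponse(False, info, line)
            if line.startswith(URC_PREFIXES):
                self.unsolicited.append(line)  # e.g. new SMS stored; handle outside this call
                continue
            info.append(line)
        raise RuntimeError("too many lines without a final result code")


def parse_csq(resp):
    """+CSQ: <rssi>,<ber> -> (rssi, ber); 99 means not known or not detectable."""
    m = re.fullmatch(r"\+CSQ: (\d+),(\d+)", resp.info[0]) if resp.info else None
    return (int(m.group(1)), int(m.group(2))) if m else None


def rssi_to_dbm(rssi):
    """3GPP TS 27.007 AT+CSQ scale: 0 is -113 dBm or less, 31 is -51 dBm or more."""
    return None if rssi == 99 else -113 + 2 * min(rssi, 31)


CMGL_HDR = re.compile(r'\+CMGL: (\d+),"([^"]*)","([^"]*)",(?:"[^"]*")?,"([^"]*)"')


def parse_cmgl(resp):
    """Text-mode AT+CMGL listing: a header line, then one body line per message."""
    msgs, lines, i = [], resp.info, 0
    while i < len(lines):
        m = CMGL_HDR.match(lines[i])
        if m:  # treat the body purely as data; never hand it to a shell or a template
            msgs.append({"index": int(m.group(1)), "status": m.group(2), "sender": m.group(3),
                         "time": m.group(4), "text": lines[i + 1] if i + 1 < len(lines) else ""})
            i += 2
        else:
            i += 1
    return msgs
```

Typical use is ATClient(FakeModem()).command("AT+CSQ") followed by parse_csq on the result. Everything the module returns, including SMS bodies and the caller IDs in +CLIP, originates on the network side, so the parsers above only ever match fixed shapes and pass the rest through as opaque strings; the line-count and line-length caps keep a misbehaving or hostile module from making the host read forever.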

probably the most secure part of the phone.... (1)

Anonymous Coward | about 10 months ago | (#45411987)

This post makes it sound as if the phone radio controller is completely unhardened; that couldn't be farther from the truth! In most phones, they are so isolated from the main OS that even root access won't get you anywhere on that controller, other than sending control messages that are within its intended use.

In the case of the iPhone baseband, there hasn't been a new exploit (to enable unlocking) in years! And it's certainly not for lack of trying. The only successful current unlocks use man-in-the-middle attacks in the form of a specialized SIM.

Exploits for baseband processors (5, Informative)

benjfowler (239527) | about 10 months ago | (#45411993)

Baseband hacking article: "Baseband Hacking: A New Frontier for Smartphone Break-Ins"

http://readwrite.com/2011/01/18/baseband_hacking_a_new_frontier_for_smartphone_break_ins#awesm=~on54yB5zHMVt93

Apparently, the firmware in baseband processors doesn't get updated a lot because of certification requirements, vendor laziness, etc., and certain well-funded attackers have swags of exploits for phones that can crack phones over the air through the baseband processor itself.

Everything has software (4, Informative)

saider (177166) | about 10 months ago | (#45411995)

By this logic, even your computer has multiple operating systems. The chipset on your motherboard is not pure hardware - there are small cores in there running embedded software that you never see. I am not talking about BIOS, which is another type of firmware, that is visible to the user.

EVERYTHING these days has software. Shipping a software patch is cheaper than a recall. This goes back to the old joke - the mechanical engineer thinks it is an electrical problem, the electrical engineer thinks it is a mechanical problem, but they both agree that it should be fixed in software.

This story reminds me of the Simpsons episode where Kent Brockman breaks a story about the government training people to kill on an industrial scale. "They call it the 'Army', but I have a better name - Killbot Factory".

News for nerds (0)

Anonymous Coward | about 10 months ago | (#45412001)

Did anyone here really not know this?
This has been the case since forever. In fact, this is BETTER (if done right), used to be it was a hardcoded OS in the actual hardware itself, this is actually capable of being upgraded in the case of exploits.

I think a more pressing concern is that the internet is still based entirely on TRUST.
Trust which is being broken more and more each year.

Binary blobs forever (0)

Anonymous Coward | about 10 months ago | (#45412069)

Lessee, Mitnick was busted in what, '95 or so, using a switch simulator? So, in 20 years, bad actors on all sides of the law, including generations of Feds and cops camped out at cell switches bullshitting with engineers, have not come up with ways to hack your cell phone that they can take to the local *cough* *ahem* underground electronics designer, or else, or some pliant security engineer, to implement? Yeah, right, sure. Actually it's probably closer to 30 years. Just assume your phone is pwned, never mind iOS or Android. Is that why Verizon Fraud keeps trying to social me into a compromised position - they're recruiting? No thanks, the pay SUX!

Nah, I want (NOT!) one of those PHAT JUICY DHS grant contracts like the City of Seattle recently gave Aruba(sic?) for their new mesh network total spectrum surveillance/dominance platform, complete with kill switches to disable phones when the Pinkertons pull out their batons to crack skulls. Apparently they could do this all along but just needed the cover to admit it. Why else are we reading TFA now, when I've always wondered about it, and wondered why it got no play? I assumed it was because somebody $BIG wanted it that way. Or else. Guess I was right.

Time to certify an open-source baseband-processor/RTOS combo. Day late, dollar short, barn door closing, but necessary, and maybe ultimately sufficient.

"What could possibly go wrong?" (1)

csumpi (2258986) | about 10 months ago | (#45412175)

What could possibly go wrong?

Oh that's easy.

People who have no effin idea what the hell they are talking about, but feel compelled to spew their opinion and ask stupid questions. You can find them all over the internets and the workplace.
