[Community] Next generation OpenPhoenux devices

Bob Ham rah at settrans.net
Sat Apr 20 22:40:32 CEST 2013


On Sat, 2013-04-20 at 11:00 +0200, Dr. H. Nikolaus Schaller wrote:
> Am 19.04.2013 um 16:06 schrieb Bob Ham:

> >  http://www.wired.com/threatlevel/2013/04/verizon-rigmaiden-aircard/

> > Note that this article describes only one known scenario where a modem's operation is altered surreptitiously.

> > If I don't have control of the binaries running on my phone's modem, through access to the source code, then the modem is wide open for abuse.
> 
> But only if it implements over-the-air updates or someone makes you click on an installer from unknown sources

I'm talking about the binaries running on the baseband processor (the
modem), not the application processor (the CPU).

By the "over-the-air" updates, I presume you're referring to updates of
the software running on the application processor, not the baseband
processor.  Obviously, clicking on installers is only relevant to the
application processor.

As the article I linked to shows, remote modification of the software
running on the baseband processor is happening now without the user's
consent.


> But is there any chance to open to firmware of an embedded subsystem?

Getting manufacturers to release the source code for existing baseband
processor software doesn't seem like a fruitful endeavour to me.  I'd be
much more interested in new devices that are designed to use baseband
processors supported by free software GSM stacks like OsmocomBB:

  http://bb.osmocom.org/trac/


> The final question about this article is if *we* (community/society) should really help suspects like those mentioned in the article to protect themselves against prosecution better than before. I think it is also in *our* interest that police can catch people doing e.g. tax fraud (and other bad crime). Otherwise we all have to pay *their* taxes...

I don't see this as a valid argument.  By the same logic, nobody should
release highly secure operating systems like OpenBSD or some GNU/Linux
distributions because doing so helps suspects to protect themselves
against prosecution better than having just Windows available with
simple cracks for the police to use.

I don't think it is in our interest for society to refrain from
implementing secured computer systems just so that the police can catch
criminals more easily.

-- 
Bob Ham <rah at settrans.net>

for (;;) { ++pancakes; }
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.goldelico.com/pipermail/community/attachments/20130420/d4077652/attachment.asc>


More information about the Community mailing list