[Community] Next generation OpenPhoenux devices
openmoko at maricon.de
Sat Apr 20 22:30:25 CEST 2013
>> If I don't have control of the binaries running on my phone's modem,
through access to the source code, then
>> the modem is wide open for abuse.
> But only if it implements over-the-air updates or someone makes you
click on an installer from unknown sources...
No! I still need to state that I already had to make the experience that
modems can include serious malware already from original production!
I can confirm that the modem that GD built into the GTA04A4 up to now
didn't show any malfunctions, at least none that I could notice. But I'm
cocksure that this is only because the modem that GD uses obviously
never had been designed to be used within private phones. It seems to be
a modem dedicated to be used within wind power plants and such things.
Only for this reason no efforts had been made to implement malware into
it already by the manufacturer.
> But my opinion is that it is not necessary as long as there are two
separate processors using some well
> known - and open - interface. This allows to inspect for suspicious
code and protect all the data on the
> application processor against remote access. It is even possible to
disable the interface driver in your
> kernel or make it do additional safety checks. So the firmware in the
modem isn't more harmful than
> things going on in the network.
Yes, indeed that helps in most cases affecting malware software. But up
to now we haven't discussed any possibilities of malware hardware!
Without any further explanations I want to say: I'm absolutely not sure
if the upcoming Ubuntu phone will behave as secure as the GTA04A4 up to
now does. And in case the Ubuntu phone will contain malware hardware, I
don't think that it will be Canonical's guilt. But I think they will use
a modem that from the scratch has been designed to be within private
phones. And that's the problem!
> The final question about this article is if *we* (community/society)
should really help suspects like those
> mentioned in the article to protect themselves against prosecution
better than before. I think it is also
> in *our* interest that police can catch people doing e.g. tax fraud
(and other bad crime). Otherwise we
> all have to pay *their* taxes...
Openmoko already answered this question: Yes, we should!
And Germany's highest court also already answered this question:
It decided within a spectacular decision that *all* already collected
data had to be deleted *at*once* and *none* further data may be
collected without the explicit decision of a court! And therefor no
malware affected phone is necessary!
The remaining questions are pure politics and there're at least two
political parties in Germany that discuss questions like these at great
length. This list most probably is the wrong place for such discussions.
Perhaps you should do the same as I did: Become a member of one of them...
More information about the Community