
The second operating system hiding in every mobile phone (2013) - type0
http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone
======
Matt3o12_
Is there any work being done to modernize those protocols? I'm sure Apple
can demand that by a given timeframe, a new standard has to be supported or
else new iPhones won't work on the carrier's network (and which carrier would
not want iPhones to work on their network?). It's not like Apple is afraid of
such things. I'm sure if Apple implemented them, Google/Samsung would follow
within 1 or 2 years.

In the meantime, is there a refactor/rewrite of that '90s code base that is
full of bugs and unused functions? And if so, do any phone manufacturers use
that improved "firmware"?

~~~
ethbro
As noted in the article, Apple/Google have nothing to do with this problem and
little reason to care until widespread reports of spoofed towers hacking
people's phones start making the front page.

This is on the RF manufacturers: Qualcomm, MediaTek, Spreadtrum, Samsung LSI &
HiSilicon (Huawei).

------
helb
The author posted it to HN after publication (in 2013), it got 262 comments:
[https://news.ycombinator.com/item?id=6722292](https://news.ycombinator.com/item?id=6722292)

~~~
dalbin
I don't know since when, but there is a "past" link which searches for past news
with the same title. Thanks HN :)

~~~
rhizome
Looks like it's an annual tradition!

------
tptacek
It's very important to understand this risk, but also to keep it in
perspective.

Both of the two major phone vendors --- Google and Apple --- have teams of people
who are acutely aware of the baseband threat, many of whom are as
talented as RPW.

Further, though the article seems carefully written enough to avoid the
misconception, the basebands on modern phones don't get direct access to AP
memory, but are instead connected over a high-speed serial connection with a
limited command set.

~~~
zeveb
> Further, though the article seems carefully written enough to avoid the
> misconception, the basebands on modern phones don't get direct access to AP
> memory, but are instead connected over a high-speed serial connection with a
> limited command set.

That's good to know; for some reason I had an idea that it was all done via
DMA.

Any idea about how exploitable that command set is?

~~~
taneliv
Have a look around for one oldish implementation in the Linux kernel:
[https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux....](https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/hsi)
. If you're more interested in exploiting something on the baseband side, that
source code is more difficult to come by and supposedly protects quite well
from unexpected traffic from the AP side.

------
soft_dev_person
Note that plenty of the security holes are actually required by major carriers
to be present. Just sayin'.

Also, for trust to be thrown out the window, a lot of changes would probably
need to happen both in baseband software and in the networks themselves. Not
seeing that happening anytime soon.

------
id122015
Isn't that how Samsung hides the Absolute Computrace rootkit/spyware in the hidden
partition?

I read that it cannot be removed, not even by reinstalling the OS. But it
looks like PC manufacturers like Lenovo found a way to hide the same rootkit
in their BIOS.

[https://security.stackexchange.com/questions/53698/detecting...](https://security.stackexchange.com/questions/53698/detecting-and-removing-absolute-persistance-technology)

------
awinter-py
I assume that when the hardware becomes available to run an open source GSM
baseband, the software will follow shortly afterwards. (Or if Qualcomm ever
releases docs for their closed hardware.)

The FCC will require signed builds on radio hardware shortly after that.

Best outcome is to have a vetted open source baseband project with
reproducible builds so we can verify our signed binaries.

------
madengr
Funny the author calls the code little understood with no peer review, yet
when has the baseband processor on your phone crashed? Not nearly as often as
the OS. Just because he does not grasp it does not mean it is poorly
implemented. It goes through very extensive reliability and interoperability
testing.

They aren't understood since standards such as LTE are very complex, tying in
RF hardware, DSP in ASICs, and software.

~~~
zaphar
He means peer reviewed from a security standpoint. Reliability and
interoperability may be related to security but they aren't the same thing.

------
unusximmortalis
This article left all those that read it... speechless?