
I've spoken to a Qualcomm engineer about this article. He responded by telling me, in fact, he was one of the engineers that dealt with the issues that were highlighted after it was published. He asserted all of those remote-execution holes were addressed, and the article has been a constant pain since because it was never updated to reflect that.

I'm not a close friend of his, but I've met him on multiple occasions and felt confident he was telling the truth.




I'm not sure what this post is supposed to accomplish.

Even if Qualcomm has patched all their vulns and isn't in cahoots with the NSA (a laughable claim), it still needs to prove that to the users.

Otherwise it's just the word of some anonymous person on the internet who "knows a guy at Qualcomm" ....

I'm glad you trust the guy but I'd rather not waste time on this. The world needs a modern, auditable, free RTOS for baseband processors.


Yeah, I agree. I just wanted to mention it, since that article does get dragged out quite often.


I've worked with Qualcomm chips before and I guarantee you that it was only due to the public response that they fixed those holes. Qualcomm has an institutional problem that makes it nearly impossible for them to make secure silicon and any fixes they apply now are just damage control.

For example, this is how firmware is treated: https://news.ycombinator.com/item?id=7336248


That anecdote appears to relate to Broadcom rather than Qualcomm.


I think the point is that Qualcomm is quite similar. I wonder why.


Unless they can point to an update that has been pushed to all Galaxy devices which solves this problem I don't think Qualcomm can complain.



