First small steps toward free GSM firmware

Neal H. Walfield neal at walfield.org
Sat Nov 16 00:33:02 CET 2013


At Sat, 16 Nov 2013 00:03:33 +0100,
kardan wrote:
> 
> On Fri, 15 Nov 2013 02:17:48 +0100,
> joerg Reisenweber <joerg at openmoko.org> wrote:
> 
> > [quote]
> > Lastly, the baseband processor is usually the master processor,
> > whereas the application processor (which runs the mobile operating
> > system) is the slave. [/quote]
> > 
> > Nothing more to say. This article isn't worth the CPU time to render
> > it on my screen.
> > 
> > You can hack and exploit the baseband as much as you like, it stays
> > baseband and can do nothing it couldn't do anytime on any location in
> > the network. IOW, don't worry about what's going on in your modem.
> > It's even less interesting than what's going on in your harddisk of
> > your PC. Since the harddisk could actually introduce an infected
> > bootloader or kernel to your system, the modem is sth you rarely ever
> > boot from. ;-P
> 
> I don't get you (or got you wrong). The article says (which indeed is
> no news), that the baseband can be easily exploited which affects
> the applications you are running (or are started / installed remotely).
> 
> http://lists.mayfirst.org/pipermail/guardian-dev/2012-October/001012.html
> http://www.theregister.co.uk/2013/03/07/baseband_processor_mobile_hack_threat/?page=1

This is the key bit from the Register's article:

  "Just like on PCs, modern (smart)phone designs are based on a shared
  memory architecture," Rupp told El Reg. "In other words, the baseband
  processor and the application processor share the same physical memory
  to communicate with each other. Even though there are various
  protection techniques like DEP (Data Execution Prevention) in place
  that should in principle prevent that, memory pages which contain
  executable code can be written to.

As long as the modem and CPU only communicate via the serial port,
i.e., there is no shared memory, then the application CPU is
(relatively) safe from attacks started from the baseband CPU.  As I
understand it, this is the case for the GTA0*, but it would be good to
have confirmation of this from someone better in the know.

Neal


