by segfaultbuserr 2473 days ago
Unsurprising, and I don't think it's a backdoor like ME, but just plain incompetence (or malpractice). It's only a matter of time and location before an exploit like this is discovered. I highly recommend this hilarious paper, Fuzzing the GSM Protocol (https://www.ru.nl/publish/pages/769526/scriptie-brinio-final...). By feeding phones random GSM data from a software-defined radio, it showed that most dumb phones and smartphones have serious memory corruption issues. Just start reading from page 27, chapter 5.

* Read Memory

> On two different phones it was possible to read out (part of) the phone memory. The most interesting of these phones was the Nokia 2600, where a text message would get stored that shows a seemingly random part of the phone memory upon opening. Closing and reopening of the same message would display a different part of the memory, sometimes also causing a reboot of the phone.

> On the Samsung SGH-D500 certain messages would show a strange sequence of characters when opened, but it was unclear to us where it came from. The same message would show up differently when sent multiple times, so we expect it came somewhere from memory.

* Reboot

> Seven of the sixteen phones could be forced to reboot remotely. When rebooting the network connection would be lost temporarily.

> In all but two cases reboots were caused by a discrepancy between a length field and the actual length of that field in the message, making it likely that the behaviour is caused by a buffer overflow.

* Long time DoS

> For the iPhone 4 and HTC Legend the attack with the highest impact was found. By sending a carefully crafted SMS message the phone would not display anything and also stop receiving any SMS messages altogether. In addition on the iPhone it was impossible to change network after the attack.

* Icons

> SMS offers the ability to notify a user that a voice, fax or email message is waiting to be retrieved. According to the specifications every cell phone has to show an icon on the screen when this happens. Problem is that these icons are hard to remove when they were activated illegitimately. Even though this is not an actual security risk it can be quite annoying.

(lol!)

* Unable to delete messages

> A rather annoying bug manifested itself on two cell phones, the Sony Ericsson T630 and Samsung SGH-D500. [...] They could not be viewed or deleted in any way, but they still occupied space on the SIM. The only way to delete these messages was to put the SIM in a different phone and delete them there.

> Problems like these can be quite dangerous.

Nowadays, it's an extremely dangerous problem in the age of smartphones, when the baseband processor contains proprietary, unauditable code, with no isolation between the baseband processor and the main system.
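The paper quoted above attributes most of the reboots to a discrepancy between a length field and the bytes actually present in the message. The following is an added example, not code from the thread, the paper or any phone firmware: a bounds-checked parser for a simplified, constructed type-length-value record layout that treats the declared length as untrusted input and rejects the message when it disagrees with the remaining bytes or with the fixed-size destination. The record format, the `MAX_VALUE_LEN` limit and the sample byte strings are all constructed for illustration.

```c
/* Added example (not from the thread or the paper): a bounds-checked parser
 * for a simplified type-length-value (TLV) record layout. The layout, the
 * size limit and the sample bytes are constructed for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_VALUE_LEN 16   /* fixed storage per record; constructed limit */

typedef struct {
    uint8_t type;
    uint8_t len;                    /* number of valid bytes in value */
    uint8_t value[MAX_VALUE_LEN];
} tlv_record;

/* Parse records of the form [type:1][len:1][value:len] from buf.
 * Returns the number of records parsed, or -1 if any record's declared
 * length exceeds the bytes remaining in the message, exceeds the fixed-size
 * destination, or the output array is full. Rejecting rather than
 * truncating matters: the length field is attacker-controlled input. */
int parse_tlv(const uint8_t *buf, size_t buf_len, tlv_record *out, size_t max_out)
{
    size_t pos = 0;
    int count = 0;

    while (pos < buf_len) {
        /* need at least the two header bytes */
        if (buf_len - pos < 2)
            return -1;
        uint8_t type = buf[pos];
        uint8_t len  = buf[pos + 1];
        pos += 2;

        /* the declared length must fit in what is actually left ... */
        if (len > buf_len - pos)
            return -1;
        /* ... and in the fixed-size destination (the copy that would
         * otherwise overflow if the length field were trusted) */
        if (len > MAX_VALUE_LEN)
            return -1;
        if ((size_t)count >= max_out)
            return -1;

        out[count].type = type;
        out[count].len = len;
        memcpy(out[count].value, buf + pos, len);
        pos += len;
        count++;
    }
    return count;
}

/* Constructed sample: two well-formed records (3 and 2 value bytes). */
static const uint8_t good_msg[] = { 0x01, 0x03, 'a', 'b', 'c',
                                    0x02, 0x02, 0x10, 0x20 };
/* Constructed sample: second record declares 0x40 bytes but only 2 follow. */
static const uint8_t bad_msg[]  = { 0x01, 0x03, 'a', 'b', 'c',
                                    0x02, 0x40, 0x10, 0x20 };

int parse_good(void) { tlv_record r[4]; return parse_tlv(good_msg, sizeof good_msg, r, 4); }
int parse_bad(void)  { tlv_record r[4]; return parse_tlv(bad_msg, sizeof bad_msg, r, 4); }

int main(void)
{
    printf("good message: %d records\n", parse_good());   /* 2 */
    printf("bad message: %d (rejected)\n", parse_bad());  /* -1 */
    return 0;
}
```

The two checks before the `memcpy` are the whole point: the first keeps the read inside the received message, the second keeps the write inside the destination struct. Dropping either one reintroduces exactly the class of bug the paper infers from its reboot results.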

1 comment

> no isolation between the baseband processor and the main system.

There’s barely any connection between the baseband processor and the application processor on a smartphone.

Notice that for all your examples, it's denial of service for the functions of the baseband processor by a bug in the code run by the baseband processor. It doesn't get access to the data available to the application processor. Except for the old-school feature phones, where there is no separate application processor, so a bug in the software run by its processor can cause the phone to reboot or reveal the memory accessible by that processor.

Barely any connection? Like if there is only a single wire, it's fine because the data exfiltration / OS manipulation takes long? Oh please. These two processors are interconnected and most of phones run some unknown untrustworthy software on both of them.

Some attacks: https://www.fsf.org/blogs/community/replicant-developers-fin...

Which has absolutely nothing to do with isolation. The two processors are not ‘interconnected’, they are separate and can only communicate through defined interfaces. That’s isolation. If there is a backdoor on one processor that grants access to the other the problem is that backdoor and not some nebulous interconnection.

If your computer runs a backdoor that grants access to anyone who can access it over the network, the problem that someone from China can now control your computer is not the fault of the Internet. It’s the fault of that program.

And also ‘most of phones’ in the article is ‘Android phones’ and then it’s watered down even more to ‘Samsung Galaxy phones’. ‘In most devices, for all we know, [...]’. No.

Well, they do not directly read each other's memory, but the baseband processor is still electrically connected and so can exfiltrate data from or manipulate the application processor. On the other hand, if you have two phones glued together, one for voice/SMS, one for internet access via an independent network without a microphone, the first one cannot exfiltrate from or manipulate the second one, and the second one cannot record your voice. That is isolation.

No, because there is a connection between both of these devices and all other devices on the phone network and the internet. It's just bullshit and on top of that overcomplicated nonsense no one is going to use.

I'm talking about physically isolated computers connected to separate networks, not connected to the same untrusted network. The meaning of the isolation is that while the operator of each network has one class of data (voice/SMS vs. the internet), neither has both of them.