Hacker News new | ask | show | jobs
by DCKing 2399 days ago
No, it is FUD. Their threat model is explicit:

> Complex parts like the cellular modem or the WiFi can access the very same RAM that is used at runtime to store your most private data, but at the same time they are controlled by binary-only firmware that no one except the manufacturer of that chip has access to.

For the cellular modem, in your run-of-the-mill iPhone or Android phone nowadays, it is simply false that the cellular modem can access arbitrary data in RAM. Can't tell you about WiFi, but I expect a similar situation.

There's a lot of room for improvement in secure smartphone architectures, but the "baseband can read your photos" trope is simply false.
2 comments
jcims 2399 days ago
I don’t know much about the responsibilities of the baseband but it seems that there are other attack vectors. Can it read storage? What about unencrypted content going over the network?
link
yjftsjthsd-h 2399 days ago
Of course the network hardware can see unencrypted network traffic. That's unfixable, except of course by encrypting everything.
link
DyslexicAtheist 2399 days ago
only there is no process isolation so no strong guarantee that secrets aren't leaked. no control over baseband makes the whole environment in which (other privacy protecting) apps are running extremely hostile from a security pov.
link
thu2111 2398 days ago
That's not really correct either.

Modern Android/Qualcomm phones have pretty sophisticated security architectures that do indeed isolate the baseband, partly because exploiting baseband bugs was such a common source of phone unlocks in the past. If an app is using SSL then the baseband can't read what's happening.

link
SeanMacConMara 2398 days ago
I think we are talking at cross purposes.

If the chips are tightly integrated propriatary black boxes like on most hw then from my POV its _physcially_ possible for them to read anything regardless of what the designers/industry say because I do not trust them.

You trust your sources that say "..simply false that the cellular modem can access arbitrary data in RAM". I don't. Even if you claim to have personally designed, fabbed and shipped that silicon I still have no practical reason to trust.

link