Hacker News new | ask | show | jobs
by mirimir 2363 days ago
This is also an issue for Android and iOS. And some of the newer cryptocurrencies are more or less restricted to those platforms.

And with smartphones, adversaries can access the OS using StingRay etc.

Edit: I should have said "devices like StingRays". Perhaps StingRays can only track, and maybe see traffic. But the baseband is poorly secured, and has privileged access.
1 comments
johnnycab 2362 days ago
>And with smartphones, adversaries can access the OS using StingRay etc.

I was not aware of StingRay possessing any advanced capabilities, other than being used as a IMSI catcher and providing LE with 'tower dumps'?

https://en.wikipedia.org/wiki/Stingray_phone_tracker

https://eu.usatoday.com/story/news/nation/2013/12/08/cellpho...

link
mirimir 2362 days ago
I'm not sure about the StingRay brand per se, but it's likely that malicious fake cell towers can pwn the baseband radio. And we know that the baseband radio is privileged over userland.

Also, baseband firmware is totally black box, so we have no clue what its capabilities are. So the safest bet is isolating it in a subsystem, or better in a separate device, which can be firewalled.

https://www.osnews.com/story/27416/the-second-operating-syst...

link