by notactuallyben
1188 days ago
Great work from P0 (and Keen Lab), but this statement about baseband mitigations is only partially true. The Huawei Balong platform has ASLR and stack canaries now (and some Infineon too, I believe), and all baseband platforms are improving (even MediaTek). I didn't check Qualcomm lately, but they have a lot of similar protections now. It's not trivial to pivot to the AP on modern iPhones or Android phones (excluding some categories), especially with PAC (and MTE coming). But yeah, (Samsung) Shannon is an attractive target for attackers due to easily obtainable firmware, strings, DWARF (ELF) firmware that you can find, and a relatively good debugging platform. The bugs are generally pretty low-hanging too. This isn't the same on Qualcomm platforms (Hexagon is notoriously hard to RE and debug), or on the iPhone platforms.