by myself248
855 days ago
1: Simply bringing it down. If tensions escalate and someone has the ability to cripple their adversary's communications, obviously it's a string they can only pull once, but knowing they can pull it when the time is right is a big deal.

2: E2EE doesn't insulate you from baseband vulnerabilities. You can think of a modern phone as having two processors, though in practice it's many more; think of the Application Processor (AP) and the Baseband (BB). The AP is basically the CPU that user code runs on. The baseband (so called because it deals with the radio signals once they've been downconverted from their broadband modulations) is sort of like a NIC; it provides connectivity to the main CPU. Now, if you're familiar with server NICs, imagine a server BMC that has god-level access to the hardware on which the application runs. That's roughly how the baseband is situated in the phone. Obviously you'd only connect such a BMC to an internal management network that's only accessible to trusted parties, right? Not to one that your adversary controls? Yeahhhhh. If the adversary controls the cellular network and talks directly to the BB/BMC, it doesn't matter how secure the AP/CPU is, it's game over.

The situation is somewhat better now. iPhone's modems are separated from the main CPU and communicate with it using some sort of serial link, and AFAIK Tensor-based Pixels have modems isolated using IOMMU.