Message-ID: <52C8C990.1020508@bksys.at>
Date: Sun, 05 Jan 2014 03:55:12 +0100
From: Bernhard Kuemel <bernhard@...ys.at>
To: full-disclosure@...ts.grok.org.uk
Subject: "the Fairphone is fatally flawed for security"

Hi!

The fairphone (http://www.fairphone.com/) is a socially fairly produced smartphone, similar to fairtrade products.

http://replicant.us/2013/11/fairphone/ says:

"However, things are not looking so good when it comes to evaluating the platform that was chosen for the Fairphone: the modem is embedded in the System on a Chip (SoC) which leads us to believe that it is poorly isolated from the rest of the platform and could access critical components such as storage, RAM, GPS and audio (microphone) of the device. If this was to be the case (we can only speculate about what the truth actually is), it would mean that the Fairphone is fatally flawed for security as it makes it possible for the phone to be converted to a remote spying device."

Can you tell me what attack vectors might exploit this vulnerability? Does there need to be a back door in the SoC? Can that be exploited by sending "audio" signals to the modem? Or is this secure if no back door was installed by the SoC manufacturer? But I guess we can't really know that. OTOH, there could also be a back door in the CPU, right? What makes the modem so "easy" to exploit?

Thanks, Bernhard

--
Encrypt emails. My GPG key is on public key servers.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/