On Sun, Aug 11, 2013 at 1:28 PM, coderman <coderman@gmail.com> wrote:
... and then a baseband exploit easily walks under all of my protections at every layer, completely and fully 0wning my devices,
"I'm sorry. My responses are limited. You must ask the right questions."

weaponized baseband exploits are difficult, expensive, architecture specific, and not used capriciously. this, among other reasons, is why there is such a dearth of information on them despite being proven exploitable with a wide attack surface for many years.

related:

"""
Rupp said state-sponsored attackers are already using baseband processor attacks in airports but declined to go into details beyond saying that attacks could be carried out without the need to trick smartphones owners into opening an email or visiting a malicious website.

Attacks might involve building a rogue GSM base-station from commodity hardware or run from the infrastructure of a 'co-operative' telco. It might also be possible to run attacks against baseband processors of phones using Wi-Fi or Bluetooth interfaces, according to GSMK Cryptophone.

"Once you have control over the app CPU, you can in principle use that to load any code you want from the network," Rupp explained. "Since you have already successfully escalated your privileges on the system, no user interaction is necessary."
"""
http://www.theregister.co.uk/Print/2013/03/07/baseband_processor_mobile_hack...

"Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks"
https://www.usenix.org/system/files/conference/woot12/woot12-final24.pdf

"Anatomy of contemporary GSM cellphone hardware"
https://gnumonks.org/trunk/presentation/2010/gsm_phone-anatomy/gsm_phone-ana...

"Cellular baseband security"
https://smartech.gatech.edu/handle/1853/43766

"Run-time firmware integrity verification: what if you can't trust your network card"
http://cansecwest.com/csw11/Duflot-Perez_runtime-firmware-integrity-verifica...