On 09/05/2014 11:28 AM, stef wrote:
On Thu, Sep 04, 2014 at 05:57:17PM -0700, coderman wrote:
bit more detail here: https://www.sba-research.org/wp-content/uploads/publications/AdrianDabrowski...
catchercatcher has been presented in 2011: http://events.ccc.de/congress/2011/Fahrplan/attachments/1994_111217.SRLabs-2...
SRLabs' works are covered and extended in the new paper by Adrian, a very good read.
..based on the word of a company that markets "firewalled baseband phones" and cites personal research in undisclosed locations instead of releasing actual data.
I agree. I was asked to review and test a CryptoPhone (and I still use it daily). The warnings err on the cautious side of things and single events only rarely/never mean a real attack. Unless we see more data, this is completely marketing bullshit. As someone who tries to move forward an Open Source implementation of something like their (quite limited) Baseband Monitor (misleadingly called Baseband Firewall), I am pretty annoyed by their patent: https://patentimages.storage.googleapis.com/pdfs/US20140004829.pdf -- especially given that Frank Rieger, the owner of the patent, is official speaker for the CCC and should know better. http://esdamerica.com/ ("Manufacturer of CryptoPhone" - which is bullshit, since they use unmodified Samsung S3 hardware) "ESD America’s team maintains operational security and confidentiality for our clients. Clients include Government, Intelligence, Police, Military, Narcotics Task Forces and Royalty. Products are centred on intelligence gathering, surveillance, reconnaissance and encryption as well as sourcing other specialised products and training." *shakes head*