how much havoc can a compromised baseband do to a Guardian ROM device?
Anyone knows whether a Nexus 4 baseband processor has r/w access to system memory? The firmware doesn't seem to be loaded at boot, so I presume it's entirely out of reach/ reversing?
On Mon, Jul 29, 2013 at 03:00:05PM +0200, Eugen Leitl wrote:
Anyone knows whether a Nexus 4 baseband processor has r/w access to system memory? The firmware doesn't seem to be loaded at boot, so I presume it's entirely out of reach/ reversing?
At a talk GNUtoo from Replicant did recently he covered the danger of some phones' layouts; slides linked from here: https://archive.fosdem.org/2013/schedule/event/android_freedom_and_replicant... Slide 39 has info about the Galaxy Nexus, explaining that the modem communicates with the main CPU over HSI, but how it talks to the GPS is unknown. They also warn that the camera does its work through shared memory, so could also be a vector for a slightly more imaginative attack. They didn't cover the Nexus 4, I don't know how similar the hardware is. Might be worth asking the Replicant team (http://replicant.us)
participants (2)
-
Eugen Leitl
-
Nick