how much havoc can a compromised baseband do to a Guardian ROM device?
Nick
cypherpunks-list at njw.me.uk
Mon Jul 29 06:58:47 PDT 2013
On Mon, Jul 29, 2013 at 03:00:05PM +0200, Eugen Leitl wrote:
>
> Anyone knows whether a Nexus 4 baseband processor has r/w
> access to system memory? The firmware doesn't seem to be
> loaded at boot, so I presume it's entirely out of reach/
> reversing?
At a talk GNUtoo from Replicant did recently he covered the danger
of some phones' layouts; slides linked from here:
https://archive.fosdem.org/2013/schedule/event/android_freedom_and_replicant/
Slide 39 has info about the Galaxy Nexus, explaining that the modem
communicates with the main CPU over HSI, but how it talks to the GPS
is unknown. They also warn that the camera does its work through
shared memory, so could also be a vector for a slightly more
imaginative attack. They didn't cover the Nexus 4, I don't know how
similar the hardware is. Might be worth asking the Replicant team
(http://replicant.us)
More information about the cypherpunks
mailing list