[Replicant] Samsung Galaxy S6 Edge baseband exploit

Moritz Bandemer replicant at posteo.mx
Fri Nov 13 11:24:32 UTC 2015


Did you read the source-link?

It's legitimate that a baseband chipset vulnerability (hardware) could
(as it is in this case) be exploitable without the notice of Android
(software).
In other words, the baseband runs and is in this case independent from
the Android version. So I personally don't expect an Android fix for
that; instead Samsung has to fix their baseband, so that the firmware
can't be (invisibly to the end user) replaced with a malicious one.

But the two security researchers (from your Twitter link and my source
link) say that they found the vulnerability in the "Shannon" baseband
chipset line - so like I said: "just modern Samsung devices (like S6, S6
Edge and Note 4) are affected".

For example, the Samsung Galaxy S2 seems to use an "(Infineon) X-Gold
626 [labelled: PMB9811] Baseband"
(which is also available under the following alternative names: Infineon
IFX6260, Intel IMC6260, Intel XMM626).
Source: http://forum.xda-developers.com/showthread.php?t=1483053

The Samsung Galaxy S3 seems to use an "(Intel Wireless) [labelled:
PMB9811X] Gold Baseband".
Source: https://www.ifixit.com/Teardown/Samsung+Galaxy+S+III+Teardown/9391

For now, IMHO, this explicit attack (which I think was your
question) doesn't affect any Replicant-compatible device.

Cheers!


On 13.11.2015 05:07, Brian Kemp wrote:
> No. According to the twitter post, it was invisible to Android. It
> would be similarly invisible to Replicant.
> 
> On 11/12/2015 06:31 PM, Moritz Bandemer wrote:
>> On 13.11.2015 00:10, John Sullivan wrote:
>>> Instructive example..
>>> 
>>> https://twitter.com/kutyacica/status/664623913305944064
>>> 
>>> Anything Replicant can or does do to guard against this kind of 
>>> attack?
>>> 
>>> -john
>> 
>> AFAIK, (for now) only Samsung’s "Shannon" line of baseband chips are
>> vulnerable to this explicit attack.
>> Means, just modern Samsung devices (like S6, S6 Edge and Note 4) are
>> affected, which are not supported by Replicant, yet.
>> Source: http://www.theregister.co.uk/2015/11/12/mobile_pwn2own1
>> _______________________________________________
>> Replicant mailing list
>> Replicant at lists.osuosl.org
>> http://lists.osuosl.org/mailman/listinfo/replicant
> 
> 

