[Replicant] Samsung Galaxy S6 Edge baseband exploit
Moritz Bandemer
replicant at posteo.mx
Fri Nov 13 11:24:32 UTC 2015
Did you read the source-link?
It's legitimate, that a baseband chipset vulnerability (hardware) could,
(as it is in this case) be exploitable without the notice of Android
(software).
In other words, the baseband runs and is in this case independent from
the Android version. So I personally don't expect an Android fix for
that; instead Samsung have to fix their baseband, that the firmware
can't be, (invisible for the end user) replaced with an malicious one.
But the two security researchers, (from your twitter link and my source
link) say, that they found the vulnerability in the "Shannon" baseband
chipset line - so like I said: "just modern Samsung devices (like S6, S6
Edge and Note 4) are affected".
For example, the Samsung Galaxy S2 seems to use an "(Infineon) X-Gold
626 [labelled: PMB9811] Baseband",
(which is also available under following alternative names: Infineon
IFX6260, Intel IMC6260, Intel XMM626).
Source: http://forum.xda-developers.com/showthread.php?t=1483053
The Samsung Galaxy S3 seems to use an "(Intel Wireless) [labelled:
PMB9811X] Gold Baseband",
source:
https://www.ifixit.com/Teardown/Samsung+Galaxy+S+III+Teardown/9391
For now, IMHO explicit this attack, (which I think that was your
question) doesn't affect any Replicant compatible device.
Cheers!
On 13.11.2015 05:07, Brian Kemp wrote:
> No. According to the twitter post, it was invisible to Android. It
> would
> be similarly invisible to Replicant.
>
> On 11/12/2015 06:31 PM, Moritz Bandemer wrote:
>> On 13.11.2015 00:10, John Sullivan wrote:
>>> Instructive example..
>>>
>>> https://twitter.com/kutyacica/status/664623913305944064
>>>
>>> Anything Replicant can or does do to guard against this kind of
>>> attack?
>>>
>>> -john
>>
>> AFAIK, (for now) only Samsung’s "Shannon" line of baseband chips are
>> vulnerable to this explicit attack.
>> Means, just modern Samsung devices (like S6, S6 Edge and Note 4) are
>> affected, which are not supported by Replicant, yet.
>> Source: http://www.theregister.co.uk/2015/11/12/mobile_pwn2own1
>> _______________________________________________
>> Replicant mailing list
>> Replicant at lists.osuosl.org
>> http://lists.osuosl.org/mailman/listinfo/replicant
>
>
> _______________________________________________
> Replicant mailing list
> Replicant at lists.osuosl.org
> http://lists.osuosl.org/mailman/listinfo/replicant
More information about the Replicant
mailing list