[Replicant] Samsung Galaxy S6 Edge baseband exploit
Simon Josefsson
simon at josefsson.org
Wed Nov 18 08:01:36 UTC 2015
I assume the attack only works because the baseband chip has access to
the microphone. Do we know to what extent the baseband chip in
Replicant-supported phones has access to various sensors in the phone?
I recall that at least Samsung S2/S3 are thought to be relatively okay
in this regard, but I'm wondering if that is just because nobody knows
of an exploit, or because we have some insight into how the wiring
actually works.
/Simon
> Did you read the source-link?
>
> It's legitimate that a baseband chipset vulnerability (hardware)
> could (as it is in this case) be exploitable without the notice of
> Android (software).
> In other words, the baseband runs and is in this case independent
> from the Android version. So I personally don't expect an Android fix
> for that; instead Samsung have to fix their baseband, so that the
> firmware can't be (invisibly for the end user) replaced with a
> malicious one.
>
> But the two security researchers (from your twitter link and my
> source link) say that they found the vulnerability in the "Shannon"
> baseband chipset line - so like I said: "just modern Samsung devices
> (like S6, S6 Edge and Note 4) are affected".
>
> For example, the Samsung Galaxy S2 seems to use an "(Infineon) X-Gold
> 626 [labelled: PMB9811] Baseband"
> (which is also available under the following alternative names: Infineon
> IFX6260, Intel IMC6260, Intel XMM626).
> Source: http://forum.xda-developers.com/showthread.php?t=1483053
>
> The Samsung Galaxy S3 seems to use an "(Intel Wireless) [labelled:
> PMB9811X] Gold Baseband",
> source:
> https://www.ifixit.com/Teardown/Samsung+Galaxy+S+III+Teardown/9391
>
> For now, IMHO this explicit attack (which I think was your
> question) doesn't affect any Replicant compatible device.
>
> Cheers!
>
>
> On 13.11.2015 05:07, Brian Kemp wrote:
> > No. According to the twitter post, it was invisible to Android. It
> > would
> > be similarly invisible to Replicant.
> >
> > On 11/12/2015 06:31 PM, Moritz Bandemer wrote:
> >> On 13.11.2015 00:10, John Sullivan wrote:
> >>> Instructive example..
> >>>
> >>> https://twitter.com/kutyacica/status/664623913305944064
> >>>
> >>> Anything Replicant can or does do to guard against this kind of
> >>> attack?
> >>>
> >>> -john
> >>
> >> AFAIK (for now), only Samsung’s "Shannon" line of baseband chips
> >> is vulnerable to this explicit attack.
> >> This means just modern Samsung devices (like S6, S6 Edge and Note 4)
> >> are affected, which are not supported by Replicant yet.
> >> Source: http://www.theregister.co.uk/2015/11/12/mobile_pwn2own1
> >> _______________________________________________
> >> Replicant mailing list
> >> Replicant at lists.osuosl.org
> >> http://lists.osuosl.org/mailman/listinfo/replicant