[Replicant] [PATCH v2][ 11/11] freedom-privacy-security-issues: Improve the modem isolation description.

Paul Kocialkowski contact at paulk.fr
Wed Apr 20 09:45:15 UTC 2016


Le lundi 28 mars 2016 à 20:50 +0200, Denis 'GNUtoo' Carikli a écrit :
> Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo at no-log.org>

Please drop the final point in the commit title. Otherwise:
Acked-by: Paul Kocialkowski <contact at paulk.fr>

> ---
>  freedom-privacy-security-issues.php | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/freedom-privacy-security-issues.php b/freedom-privacy-security-
> issues.php
> index b78665e..6587da1 100644
> --- a/freedom-privacy-security-issues.php
> +++ b/freedom-privacy-security-issues.php
> @@ -66,9 +66,10 @@
>  				Despite this situation, the modem remains a
> crucial part for privacy/security: it is nearly always connected to the GSM
> network, allowing for <a href="//www.gnu.org/philosophy/malware-mobiles.html">
> remote control</a>.
>  				The modem can be more or less damaging to
> privacy/security depending on what hardware it has access to and can control.
>  				That is to say, how isolated it is from the
> rest of the device.<br /><br />
> -				A device with bad modem isolation would allow
> the modem to access and control key parts of the hardware, such as the RAM,
> storage, GPS, camera, user I/O and microphone.
> -				This situation is terrible for
> privacy/security as it provides plenty of ways to efficiently spy on the user,
> triggered remotely over the mobile telephony network.
> -				Those are accessible to the mobile telephony
> operator, but also to attackers setting up fake base stations for that
> purpose.
> +				A device with bad modem isolation cannot
> prevent the modem from accessing and controlling key parts of the hardware.
> +				For instance the main CPU's RAM, its storage,
> the GPS, the camera, user I/O and the microphone.
> +				This situation is terrible for
> privacy/security as it provides plenty of opportunities to efficiently spy on
> the user, that could be triggered remotely over the mobile telephony network.
> +				That mobile telephony network is accessible
> to the mobile telephony operator, but also to attackers setting up fake base
> stations for that purpose.
>  				<a href="images/freedom-privacy-security-
> issues/good-modem-isolation.png" data-lightbox="current-situation" data-
> title="Good modem isolation"><img src="images/freedom-privacy-security-
> issues/good-modem-isolation.png" alt="Good modem isolation" style="width:
> 250px; float: right;"/></a>
>  				On the other hand, when the modem is well-
> isolated from the rest of the device, it is limited to communicating directly
> with the SoC and can only access the device's microphone when allowed by the
> SoC.
>  				It is then strictly limited to accessing what
> it really needs, which considerably reduces its opportunities to spy on the
> user.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20160420/7b111c2c/attachment.asc>


More information about the Replicant mailing list