Oh Good Grief!
Please, will someone somewhere just implement something properly, just for once?
Modern Samsung devices including the S6, S6 Edge and Note 4 can have phone calls intercepted using malicious base stations, according to initial research findings from two researchers. Daniel Komaromy and Nico Golde demonstrated the attacks on Samsung's 'Shannon' line of baseband chips today at the Mobile Pwn2Own competition …
It is rather worrying that someone with a computer and a small antenna, plus the OpenBTS code, can install a BTS and make it look like it's connected to a proper mobile network *and* allow calls to a PSTN (I have my doubts that it actually is as the connections to the MSC/GSN/MME/SGW - dependent on tech - are not automatically handed out to anyone that wants one). Call setup signalling does not stop at the BTS, and requires cooperation from a core network node, which includes authentication and encryption.
Perhaps they've done something clever to make a firmware patch that bypasses a lot of this (including getting it distributed by the BTS rather than the device management function sitting in the core), but I still think there is detail missing from the article as to other dependent bits in the implementation.
> The Register would speculate that since the Qualcomm silicon in question isn't unique to Samsung kit, other researchers are probably setting to work on other phones as you read this.
Earlier in the article you said it was the Samsung Shannon chipset. Qualcomm or Samsung? Inquiring minds need to know ...
This is bigger than voice. Normally the baseband processor (BPC) and OS running on it swaps data with the main OS by reading/writing to some shared memory in RAM, plus some semaphores etc and a couple of hardware interrupts. Unfortunately it's common for no-one to lock down the permissions the BPC has, so that it actually has read/write access to a device's entire RAM. It can then search for crypto keys or data in the clear and exfiltrate them, root the main OS, etc.
The solution for this problem is simple, and it comes to re-evaluating your threat model. Don't treat the BPC and Qualcomm OS running on it as trusted components - treat them as potentially malicious. Limit read/write access from the BPC using the ARM xPUs, specifically the Memory Protection Unit. Unfortunately this is not wholly trivial, as when Qualcomm changes the memory ranges they use then you have to update your memory regions on the protection unit - Qualcomm and memory ranges are a bit like MS-RPC and firewalls...
I guarantee that few phone devs have done the relevant work, as it's a security thing which won't be prioritised, and most trust Qualcomm. Which has been found to be idiotic, if they don't implement any kind of signing checks for BPC updates...
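The least-privilege idea in the comment above, sketched as an added example (not code from the commenter, Qualcomm or any phone vendor): an audit that flags any protection-unit entry granting the baseband access outside the shared-memory window. The `struct region` layout, the function names and all addresses are hypothetical and constructed for illustration; this is not a real xPU register format.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical protection-unit entry (not a real xPU register layout):
   a physical range plus the baseband master's permissions on it. */
struct region { uint64_t base, size; bool bb_read, bb_write; };

/* True if [base, base+size) lies wholly inside [wbase, wbase+wsize). */
static bool inside(uint64_t base, uint64_t size, uint64_t wbase, uint64_t wsize)
{
    if (size == 0 || size > UINT64_MAX - base || wsize > UINT64_MAX - wbase)
        return false;                       /* empty range or address wrap */
    return base >= wbase && base + size <= wbase + wsize;
}

/* Index of the first entry granting the baseband access outside every
   shared-memory window, or -1 if the table is least-privilege. */
int first_overbroad(const struct region *tbl, size_t n,
                    const struct region *win, size_t nwin)
{
    for (size_t i = 0; i < n; i++) {
        if (!tbl[i].bb_read && !tbl[i].bb_write)
            continue;                       /* baseband denied: nothing to check */
        bool ok = false;
        for (size_t j = 0; j < nwin && !ok; j++)
            ok = inside(tbl[i].base, tbl[i].size, win[j].base, win[j].size);
        if (!ok)
            return (int)i;
    }
    return -1;
}

/* Constructed sample data: one 2 MiB shared window, three candidate tables. */
static const struct region WINDOW[] = { { 0x8f000000u, 0x00200000u, true, true } };
static const struct region LOCKED[] = { { 0x8f000000u, 0x00100000u, true, true },
                                        { 0x8f100000u, 0x00100000u, true, false },
                                        { 0x80000000u, 0x0f000000u, false, false } };
static const struct region WIDE_OPEN[] = { { 0x8f000000u, 0x00200000u, true, true },
                                           { 0x80000000u, 0x80000000u, true, true } };
/* The window moved in an update but the table did not: entry straddles its end. */
static const struct region STALE[] = { { 0x8f100000u, 0x00200000u, true, true } };

int audit_locked(void)    { return first_overbroad(LOCKED, 3, WINDOW, 1); }
int audit_wide_open(void) { return first_overbroad(WIDE_OPEN, 2, WINDOW, 1); }
int audit_stale(void)     { return first_overbroad(STALE, 1, WINDOW, 1); }
int main(void) { printf("%d %d %d\n", audit_locked(), audit_wide_open(), audit_stale()); return 0; }
```

The `STALE` table models the maintenance problem the comment mentions: when the vendor's memory ranges change and the protection table is not updated, the audit reports the entry that no longer fits the window.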
i am having a tough time believing this one, for several reasons.
one, i may be a simpleton,
two, mitm's are still a viable vector in this day n age, ???
trois, pledge()
holy moly i'm missing something, how can the hardware defer so much security (adj.) between components without a pertinent syn, ack security (verb.) challenge.
it seems to me that would be the kind of thing you pay wisp devs to hard code to units, again, i may be wrong here.
i guess if you want your roaming in billy basic SE Asia, APac or E Europe this is the price you pay?
"The malicious base station then pushes firmware to the phone's baseband processor"
While in this particular case it was used for a MitM attack, far more worrying is the fact that apparently any random can install arbitrary code to a phone simply by pretending to be a mobile mast. Why is it even possible to push software onto a phone without notification or input from the user? Low-level software like firmware has far more potential for screwing things up if it's faulty or malicious, so there should be more security for it, not less, or apparently none at all.
I don't know if you've caught any of "Hunted" but the ability of the spooks to clone phones thanks to iCloud is quite worrying.
Let's face it, if someone is able to put up fake base stations then intercepting all our data isn't going to be that hard for them. With or without additional "help" from the manufacturers.
I assume you've already read this page (about Android 6.0), and found it lacking your phone. Just part of the scheme to get you to buy more expensive phones. :(
https://support.t-mobile.com/community/phones-tablets-devices/software-updates
Unfortunately, you can't port an identical LG Stylo from MetroPCS ($150) to TMobile ($289) and get on the upgrade train...
Since VAT is charged on top of the daily rate and the client then simply offsets it against their own VAT bill - this is not actual net revenue generated for HMRC and is not the same as paying income tax.
However a one month period is too short, I would see three months as reasonable.
But the tax avoidance by personal service companies is too blatant to ignore, they even get all the dividend tax breaks intended for genuine entrepreneurs. It's time that a minimum tax percentage was paid by everyone regardless of the journey that the money has taken to their bank account.
Landlords should pay National Insurance as well.