
gruez today at 12:31 AM

>do look interesting IF they can actually address some of the baseband vulnerabilities that plague all modern devices. That's a Big If.

Baseband vulnerabilities are overhyped, imo. On proper phones (eg. pixels), their access to memory is restricted by IOMMU, which protects the rest of the phone from being compromised if there's some sort of an exploit. Once that's factored in, most exploits you can think of are "on the other side of the airtight hatchway[1]". For instance if you can hack the baseband to steal traffic, you should probably be more worried about your carrier being hacked or getting a lawful intercept order. Or if you're worried about the phone triangulating itself, you should probably be more worried about your carrier getting hacked and/or selling your location data.

[1] https://devblogs.microsoft.com/oldnewthing/20060508-22/?p=31...


Replies

dlenski today at 7:47 AM

> Baseband vulnerabilities are overhyped, imo. On proper phones (eg. pixels), their access to memory is restricted by IOMMU, which protects the rest of the phone from being compromised if there's some sort of an exploit.

Doesn't Google require all new Android-branded devices to isolate the baseband from the Android OS and applications?

I swear I read this somewhere in the last few years, though I can't seem to find any clear reference to it now. Hmmm.

> For instance if you can hack the baseband to steal traffic, you should probably be more worried about your carrier being hacked or getting a lawful intercept order.

Everything should use TLS/DTLS/QUIC, and an up-to-date PKI for obligatory certificate validation, otherwise I assume it's already being MITM'd by the NSA, every other three letter agency on the planet, corporate firewalls, and my ISP.

rl3 today at 1:34 AM

> Baseband vulnerabilities are overhyped, imo. On proper phones (eg. pixels), their access to memory is restricted by IOMMU, ...

That just kicks the can down the road to "Why should we fully trust the IOMMU?"

Granted, it does defend against the vast majority of actors.
