[tor-dev] how much havoc can a compromised baseband do to a Guardian ROM device?

Nathan Freitas nathan at freitas.net
Mon Jul 29 13:26:43 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/29/2013 09:00 AM, Eugen Leitl wrote:
> Anyone knows whether a Nexus 4 baseband processor has r/w access to
> system memory? The firmware doesn't seem to be loaded at boot, so I
> presume it's entirely out of reach/ reversing?

- From what I know, there has been nothing specific done (yet) in the
Guardian ROM work to combat baseband attacks.

Something interesting about the Nexus 4:
http://www.ifixit.com/Teardown/Nexus+4+Teardown/11781/3

It appears to have two separate "modem" chips, perhaps related to
extended support for LTE:

Qualcomm WTR1605L Seven-Band 4G LTE chip
Qualcomm MDM9215M 4G GSM/UMTS/LTE modem

Searching for either of those parts online reveals a good amount of
documentation, but not many specifics related to Android.

+n
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJR9m2TAAoJEKgBGD5ps3qp6BwQAIPEGGisxIWlz8TYO3409UYY
oRLHs2J+pNeZ+FUL06lylwM2di2PeL0fZIv9g48yKegR3+9/3XkP9w2zUakj6zJa
rMpSZ8Gl4YFxNFbT/ukAyaKxKezyhxPELjSihB/tJI5puYQcuhu9bMR2KrmhITiZ
yghUDMJ5Wp+ETeA/+CKzw172hMT1gTz1ennYXotFFIZK+Ac0ucTud9JaAf4PsHM5
hfnDfQxsq4MlmBO6737WL9ilJqRTjUBO9t1BtoRVOQ/j/lcff7F0tSzxy3mxOAOe
0bm8Ox1n5POvMDNucytrGdopl+PPwewPZVtl5GjGXNsp9TsVm6Hdpl4xE3CyVyUI
pdZStfiWWZ0Xz/LNAaErT7cORp5O/H0O9vtu2CYeQtH3w8k9ngPgBYkqbklJwpwA
XwkmzeOYSdvTfmylsENhcWNjv58qprQFV6mMVwfZzPdj1Ik0dTlGIX7GYQoFjLhz
oPk51/AjOrk8S66ySequSJto8Ngk8R5EsWABrw5ed5QjEJuictLUO1aLTBUqRVCB
eOrkkiL2wPOVYfywqwzCpJovDcIvupiEdO2O0eJ9FGWbyQ2uasp5mMZXKblG8kjs
6BpqnRhjBBowCs8eOu6poDg/fm/OFrbiifY2inrr++TposIsiCriETrhVVZEqa9G
XQE/4+Ujxenno2zYMSKq
=beLf
-----END PGP SIGNATURE-----


More information about the tor-dev mailing list