Full Disclosure mailing list archives
"the Fairphone is fatally flawed for security"
From: Bernhard Kuemel <bernhard () bksys at>
Date: Sun, 05 Jan 2014 03:55:12 +0100
Hi! The fairphone (http://www.fairphone.com/) is a socially fairly produced smartphone, similar to fairtrade products. http://replicant.us/2013/11/fairphone/ says: "However, things are not looking so good when it comes to evaluating the platform that was chosen for the Fairphone: the modem is embedded in the System on a Chip (SoC) which leads us to believe that it is poorly isolated from the rest of the platform and could access critical components such as storage, RAM, GPS and audio (microphone) of the device. If this was to be the case (we can only speculate about what the truth actually is), it would mean that the Fairphone is fatally flawed for security as it makes it possible for the phone to be converted to a remote spying device." Can you tell me what attack vectors might exploit this vulnerability? Does there need to be a back door in the SoC? Can that be exploited by sending "audio" signals to the modem? Or is this secure if no back door was installed by the SoC manufacturer? But I guess we can't really know that. OTOH, there could also be a back door in the CPU, right? What makes the modem so "easy" to exploit? Thanks, Bernhard -- Encrypt emails. My GPG key is on public key servers. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- "the Fairphone is fatally flawed for security" Bernhard Kuemel (Jan 04)
- Re: "the Fairphone is fatally flawed for security" coderman (Jan 04)