how much havoc can a compromised baseband do to a Guardian ROM device?

Anyone knows whether a Nexus 4 baseband processor has r/w access to system memory? The firmware doesn't seem to be loaded at boot, so I presume it's entirely out of reach/ reversing?

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/29/2013 09:00 AM, Eugen Leitl wrote:
Anyone knows whether a Nexus 4 baseband processor has r/w access to system memory? The firmware doesn't seem to be loaded at boot, so I presume it's entirely out of reach/ reversing?
- From what I know, there has been nothing specific done (yet) in the Guardian ROM work to combat baseband attacks. Something interesting about the Nexus 4: http://www.ifixit.com/Teardown/Nexus+4+Teardown/11781/3 It appears to have two separate "modem" chips, perhaps related to extended support for LTE: Qualcomm WTR1605L Seven-Band 4G LTE chip Qualcomm MDM9215M 4G GSM/UMTS/LTE modem Searching for either of those parts online reveals a good amount of documentation, but not many specifics related to Android. +n -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJR9m2TAAoJEKgBGD5ps3qp6BwQAIPEGGisxIWlz8TYO3409UYY oRLHs2J+pNeZ+FUL06lylwM2di2PeL0fZIv9g48yKegR3+9/3XkP9w2zUakj6zJa rMpSZ8Gl4YFxNFbT/ukAyaKxKezyhxPELjSihB/tJI5puYQcuhu9bMR2KrmhITiZ yghUDMJ5Wp+ETeA/+CKzw172hMT1gTz1ennYXotFFIZK+Ac0ucTud9JaAf4PsHM5 hfnDfQxsq4MlmBO6737WL9ilJqRTjUBO9t1BtoRVOQ/j/lcff7F0tSzxy3mxOAOe 0bm8Ox1n5POvMDNucytrGdopl+PPwewPZVtl5GjGXNsp9TsVm6Hdpl4xE3CyVyUI pdZStfiWWZ0Xz/LNAaErT7cORp5O/H0O9vtu2CYeQtH3w8k9ngPgBYkqbklJwpwA XwkmzeOYSdvTfmylsENhcWNjv58qprQFV6mMVwfZzPdj1Ik0dTlGIX7GYQoFjLhz oPk51/AjOrk8S66ySequSJto8Ngk8R5EsWABrw5ed5QjEJuictLUO1aLTBUqRVCB eOrkkiL2wPOVYfywqwzCpJovDcIvupiEdO2O0eJ9FGWbyQ2uasp5mMZXKblG8kjs 6BpqnRhjBBowCs8eOu6poDg/fm/OFrbiifY2inrr++TposIsiCriETrhVVZEqa9G XQE/4+Ujxenno2zYMSKq =beLf -----END PGP SIGNATURE-----

On Mon, 29 Jul 2013 15:00:05 +0200 Eugen Leitl <eugen@leitl.org> wrote:
Anyone knows whether a Nexus 4 baseband processor has r/w access to system memory?
How does this relate to tor development? -- Andrew http://tpo.is/contact pgp 0x6B4D6475

On 07/29/2013 09:44 AM, Andrew Lewman wrote:
On Mon, 29 Jul 2013 15:00:05 +0200 Eugen Leitl <eugen@leitl.org> wrote:
Anyone knows whether a Nexus 4 baseband processor has r/w access to system memory? How does this relate to tor development?
It is a bit of a tangent, but understanding new ways in which Tor running on a smartphone might be compromised could be useful. Otherwise, happy to have the thread move here: https://lists.mayfirst.org/mailman/listinfo/guardian-dev +n

On Mon, Jul 29, 2013 at 09:44:52AM -0400, Andrew Lewman wrote:
On Mon, 29 Jul 2013 15:00:05 +0200 Eugen Leitl <eugen@leitl.org> wrote:
Anyone knows whether a Nexus 4 baseband processor has r/w access to system memory?
How does this relate to tor development?
In that Nexus 4 is the major supported platform for http://shadowdcatconsulting.com/ which comes with Orbot http://shadowdcatconsulting.com/apps/ and I know that tor-dev is read by people with clue, who ought to know the answer to my question and are interested in (semi-)trusted hardware for personal communication.
participants (3)
-
Andrew Lewman
-
Eugen Leitl
-
Nathan Freitas