It'd be nice if someone designed a phone that architecturally resembled a computer attached to a mobile hotspot.
You could have an SoC of your choice for a user-facing operating system and a separate SoC with separate memory for the baseband and whatever the hell the carrier wants to push to the device. The operating system running on the user SoC could have a driver that allows it to get internet access from the baseband SoC over some high-bandwidth-but-not-memory-sharing bus.
Until I can buy something like this, my gpg and ssh keys are staying far away from my phone, which kind of sucks.
I recall reading an article years ago describing iPhone being architectured like this. Even if the baseband system is compromised, it don't have access to the rest of the system. And traffic from the rest of the system passing thru the baseband is mostly encrypted.
I don't know if it's true, but it makes sense given the, allegedly, crappy code base in Broadcoms firmwares.
>> "To protect the device from vulnerabilities in network processor firmware, network interfaces including Wi-Fi and baseband have limited access to application processor memory. When USB or SDIO is used to interface with the network processor, the network processor cannot initiate Direct Memory Access (DMA) transactions to the application processor. When PCIe is used, each network processor is on its own isolated PCIe bus. An IOMMU on each PCIe bus limits the network processor’s DMA access to pages of memory containing its network packets or control structures."
Although I guess it makes sense given that apple designs their own application processor SoCs and then has to use a separate (Qualcomm, Intel) modem rather than using a Snapdragon eight-something with everything talking to everything in the same package.
I'm not a huge Apple fan lately, and have never liked the iPhone, but this definitely seems like a pretty concrete bullet point for "iPhone is generally more secure than Android."
Well, the iPhone 6, released after the San Bernardino shooter incident involving an iPhone 5S, used PCI-e to talk to the NVMe.
For maximum speed (900MB/s), the NVMe in the 6 shipped data to/from the processor core using NVMe-side DMA bus mastering.
This begged the question: if you could hardware-MITM the communications between the NVMe and the main processor, and then reverse-engineer the way the DMA bus mastering was done... could you do arbitrary I/O on the main CPU?
Well, the NVMe has a package-embedded Cortex-M5 (actually a Cortex-R5) inside, which handles raw NAND interface, TRIM, sector reallocation, and related functionality. (It may operate at 200MHz.)
So... since the NVMe is PCI-e, it begs the question, could you possibly connect it to a PC? The answer is a solid YES, if you're motivated enough to commision the custom ZIF SOIC receptacle required. But it Just Works(TM)!
It turns out the firmware upgrades for this microcontroller were (at the time, at least) distributed in unencrypted iOS packages. This made it possible to understand the NVMe update process, fake the iPhone CPU side of the update sequence via the PC PCI-e connection, and exploit the firmware update code to write attacker-defined code into the host PC's memory - proving without a shadow of a doubt that the NVMe's PCI transciever fuses were configured for RDMA.
With this established, all you need to do is flip everything over and turn _the PC into a fake NVMe_ by creating a 2nd test rig (with a 2nd commission for the inverse of the SOIC socket) that hooks the PC PCE-e port to the iPhone CPU _via an FPGA_, figure out the various low-level steps involved in initialization before the RDMA bit is enabled...
...and discover that the iPhone 6 CPU doesn't IOMMU-protect the memory area where SecureROM is running from. (Since, at the point the NVMe is initialized, SecureROM is running and waiting for the NVMe to ping it so it can fetch and validate iBoot, the iOS stage2 bootloader).
Woops.
Maybe. Why didn't Apple IOMMU-protect the SecureROM area?!?
At least the guy who figured this out got $200k for his efforts.
Since I read the above I have 0% confidence in Apple device security.
To be fair, I highly doubt the 6's design phase started anytime after the incident, so maybe a "we don't need to push that far" carried through the life of the 6 project. I wonder if anyone tried to lobby to lock this down. Or maybe Apple doesn't care if people push that hard? Or maybe...
I mean, it seems kind of reasonable to assume that it's game over once an adversary gains physical access to the device, let alone MITMing busses inside the phone.
I was mostly concerned about what horrible things could be done via OTA updates from the carrier (or payloads designed to look like carrier OTA updates, since apparently they're rarely encryoted).
In the case of ultra-portable devices (that are all the more easily stolen) there should be a measure of physical security though. I also use the iPhone 6 example because the San Bernadino shooter's 5S was physically confiscated by police.
This being said, wireless vulnerabilities are indeed a high priority. You're probably already aware of the various vulnerabilities suffered by Broadcom Wi-Fi chipsets used in almost all phones.
Your concerns regarding cellular encryption are made all the more valid because of the extremely high political sensitivity of surfacing _anything_ that would even remotely suggest that encryption is not being used (classical security by obscurity). Someone asked for a cellular encryption indicator in Android 9 years ago, and I thought the response they received was very very insightful and gave a lot of food for thought. Slowly reading between the lines of every official reply is necessary. https://issuetracker.google.com/issues/36911336
You could have an SoC of your choice for a user-facing operating system and a separate SoC with separate memory for the baseband and whatever the hell the carrier wants to push to the device. The operating system running on the user SoC could have a driver that allows it to get internet access from the baseband SoC over some high-bandwidth-but-not-memory-sharing bus.
Until I can buy something like this, my gpg and ssh keys are staying far away from my phone, which kind of sucks.