The optimist: Maybe it's just a way to circumvent the phone for maintenance if the main software has buggered somehow. It's used only for problem solving and such
The pessimist: No way is this only in Samsung phones
The developers of Replicant, a pure free-software version of Android, claim to have discovered a security hole in certain Samsung Galaxy phones and tablets – one so serious that it could potentially grant an attacker remote access to the device's file system. Among the devices said to be vulnerable are the Nexus S, Galaxy S, …
And your closed source phone doesn't have any extra CPUs in the modem or screen or camera?
And you know that these extra CPUs don't have bus access?
And you know there are no errors in the OS - like a 10year old hole when displaying JPEGs - whihc give them unrestricted access
But at least you know that it doesn't matter because your commercial OS is pawned by a NSL anyway
No, amusement is all ours to see how naive you really are. Any_Proprietary_OS_ has all those delicacies out of the box, it is a big fat back door, by definition. The sad part here is that you might not be able to verify it in any way other than through some kind of back-engineering.
And on top of that, it might be either impossible or very hard to load an alternative, open OS on the device at all. So Win Phone and surfaces are to be ruled out right there.
So they've found a back door frame. It might have a solid, well locked door in it or it might have something bad people can sneak through.
Granted, the software should be resticting permissions as much as it can, but there really is no smoking gun, or even gun.
These data, as hardware becomes both more capable AND more integrated, it is getting harder to verify security just at the software level.
It is getting common for ethernet controllers, modems, etc to become more capable with complex software stacks. Many of these sit on the bus as a bus master and can access all the system resources (RAM, peripherals,...) just as easily as the CPU can. It is very much technically feasible to get these devices to snoop memory and access resource.
At that level of integration, the OS permissions etc just don't matter since the OS and the CPU are not even part of the picture.
If I understand it correctly, the issue here is that the modem software has a relatively high-level interface to the phone's file system. That's different to a peripheral sitting on the same bus as the CPU.
The latter, as you say, is a default consequence of current designs, but the former is a deliberate design decision, and one I find hard to justify for innocent purposes.
"If I understand it correctly, the issue here is that the modem software has a relatively high-level interface to the phone's file system. That's different to a peripheral sitting on the same bus as the CPU."
No.
The issue is the RF MODEM software is not a separate process running on the standard ARM but a separate processor implementing the Android interface by executing software on it's own processor.
And with a whole bunch of extra commands as well.
...or does Replicant, screaming "SECURITY HOLE! (you can avoid it with OUR operating system)" just sound a little bit like sensationalist panic-driving advertising?
Reference (para 10): "The solution, Kocialkowski says, is to replace the device's stock Android firmware with a purely free-software OS, such as Replicant."
Meh. Because, well.
No, because they aren't claiming Replicant would fix this hole. If there's a separate lower level (realtime, no doubt) OS running on the modem, it wouldn't matter what OS is running on the main CPU. Maybe this is something they discovered while replacing various proprietary bits of Android and had to write the interface that talks to the modem.
Definitely want to learn more about this, and what modems may be vulnerable. Maybe the NSA doesn't care if a phone is running Android, iOS, Blackberry or WP, if they've got a way to break into the Qualcomm modem's OS to do what they want...
"No, because they aren't claiming Replicant would fix this hole."
Yes they are: "THE SOLUTION, Kocialkowski says, is to replace the device's stock Android firmware with a purely free-software OS, such as Replicant."
And there's the fact that they cover themselves frequently by stating it's not actually something unique to samsung and is common elsewhere - e.g. "And because this processor runs a proprietary operating system – like virtually all phone modems do".
While this is very likely an issue that should be addressed with device manufacturers, this sounds very much like it's primary purpose was to generate awareness of their OS coupled with a bit of fear to get people to use it.
> Yes they are: "THE SOLUTION, Kocialkowski says, is to replace the device's stock Android firmware with a purely free-software OS, such as Replicant."
Caps yours and no, they're not.
"He cautioned, however, that if the modem can potentially take full control of the device's main application processor, further remote exploits may still be possible, including ones that even an OS replacement like Replicant can't block."
That's a responsible warning, not a sales drive. Not that a sales drive for free software is exactly common except among evangelists on the Reg's comment boards anyway.
It all depends on how the modem is connected to the rest of the system, really. If it is connected via a serial link, it needs a program on the main CPU to communicate with the modem and execute its (evil) commands. AFAIK most modem chips work this way.
What they claim (as a warning) is that they can only close the hole at the processor by not implementing those (evil) commands. However, nothing stops the modem from intercepting and forwarding any traffic that passes through it, since it is a closed system with its own firmware.
So yes, the close the security hole regarding access to your data/files, but other mishaps are still possible.
It's probably all a matter of perspective, but if it provides privileged access to the user's data and it is not possible for the user to disable it, then I'd say it certainly is a security weakness.
If in addition it is undocumented and not necessary for the correct operation of the device, then I have no doubt that 'Backdoor' is the correct term. It doesn't really matter what its purpose is.
Here I was thinking that Android apps reading/writing or even deleting your contacts, shared files etc, etc, etc without you being able to stop it was bad, now this ... hm ... I do guess this affects all mobile phones, not just smartphones, and certainly not just phones from one vendor if the OS with the backdoor running on that radio ship is Qualcomm's.
I also think phones are insecure by design for a reason.
Shit, choppers again, c ya l8er [crawl, crawl, crawl]
I'm associated with the Replicant project with my work on reverse-engineering the MEIF protocol for GNSS/GPS chipsets to create an open-source replacement for the current binary blobs that implement location services.
I think Paul has misunderstood the architecture and purpose of these master-slave System on Chip (SOC) designs - the applications CPU is a co-processor under control of the boot CPU.
I've reverse engineered several 'smart' phones with dual-CPU architectures where the baseband real-time executive OS is something like REXX/AMSS running on the boot CPU and the user interface OS is Android/Linux or Windows Phone running on the application CPU.
Internal flash memory is partitioned and some partitions are used for read/write data by the real-time executive. At power-on the boot CPU has exclusive access to the flash partitions.
However, once the boot CPU has initialised the application CPU and handed over control to the secondary boot loader on the application CPU, which in turn loads the kernel and the root file-system, it cannot directly access the flash partitions without risking corruption.
From that point on the application CPU OS has exclusive control of the flash memory. If the boot CPU needs to access it that has to be done via shared memory or other RPC mechanisms.
These are required for Firmware Over The Air (FOTA) updates and access to other partitions containing OS and user configuration data, including such things as touch-screen calibration data.
The default configuration of the tools used to make apps (for both Apple and Android) appear to default to settings that allow access to things on your phone that nobody in their right mind would give permission to.
Why does any app need permission to dial numbers, scrape or delete contacts, change various parameters etc etc especially stuff like Flappy Birds?
" The default configuration of the tools used to make apps (for both Apple and Android) appear to default to settings that allow access to things on your phone that nobody in their right mind would give permission to."
No they don't - not on Android, at least.
It is true that if an app is built using an old SDK level where a newer permission didn't exist, for compatibility reasons that app will be granted said permission automatically on devices where the permission does exist.
Also, it can be argued that some of the permissions aren't granular enough (For instance, Candy Crush saga requests 'read details of installed apps' so that it can bug you in game to install some of their other games if you haven't already - it would be nice if such a permission could be restricted to apps from the same author, for example)
"Why does any app need permission to dial numbers, scrape or delete contacts, change various parameters etc etc especially stuff like Flappy Birds?"
Generally, excess permissions are a requirement of in-app advert SDK's - I'm sure you can draw your own conclusions on that!
It's also a pain that there is no mechanism for apps to request permissions that are optional, and can be rejected, allowing an app to be run with reduced functionality.
But yeah, many apps do request excessive pernissions - either out of authors ignorance, or more evil reasons!