DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 7th August 2020
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default Lots of vulnerabilities in smartphone's DSPs

Smartphones are dubbed as the Swiss Army Knife of Technology. Many features are backed by so-called Digital Signal Processor. It turns out DSPs have lots of vulnerabilities.
Researchers warn of an Achilles' heel security flaw for Android phones
Quote:
The chip's wide range of possibilities, however, mean it's ripe for abuse from hackers, warn researchers at Check Point, a cybersecurity firm. In a Defcon presentation scheduled for Friday, researcher Slava Makkaveev is expected to demonstrate how these processors are essentially gateways for attackers to get control over Android devices.
Makkaveev looked at the Qualcomm Snapdragon chip, which is in more than 40 percent of Android devices, and found more than 400 vulnerabilities. A potential hacker could create a malicious app that exploits these vulnerabilities to bypass the usual security checkpoints and take data, including photos, videos and location information.
I only hope these vulnerabilities do not allow 0-click remote code execution (the same way Intel AMT does).
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
  #2   (View Single Post)  
Old 7th August 2020
fvgit's Avatar
fvgit fvgit is offline
Spikes in tights
 
Join Date: May 2016
Location: perl -MMIME::Base64 -le 'print decode_base64("U2hlcndvb2QgRm9yZXN0")'
Posts: 314
Default

I bet IdOp feels vindicated, though.
Reply With Quote
  #3   (View Single Post)  
Old 8th August 2020
IdOp's Avatar
IdOp IdOp is offline
Too dumb for a smartphone
 
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 1,027
Default

Lol, well, I don't know, I still have proprietary liveware vulnerabilities.

Thank you to e1-531g for the original post, the link was interesting to read.
Reply With Quote
  #4   (View Single Post)  
Old 9th August 2020
thirdm thirdm is offline
Spam Deminer
 
Join Date: May 2009
Posts: 248
Default

Have android phones always had these DSPs? The newest of the phones I've collected is from 2015. I suppose it's vulnerable to many things besides this though, not having been updateable since 2016.

Are any NetBSD developers trying to port to phones, like the way debian has a slow burn effort to do, and postmarketOS is working very hard at? Or would that even help with this kind of vulnerability? I'm profoundly ignorant of android device architecture. Is the dsp on the side the operating system runs on or over on the baseband chip side?
Reply With Quote
  #5   (View Single Post)  
Old 9th August 2020
fvgit's Avatar
fvgit fvgit is offline
Spikes in tights
 
Join Date: May 2016
Location: perl -MMIME::Base64 -le 'print decode_base64("U2hlcndvb2QgRm9yZXN0")'
Posts: 314
Default

Don't know about NetBSD but s.o. booted FreeBSD on the Pinephone.
Reply With Quote
  #6   (View Single Post)  
Old 10th August 2020
thirdm thirdm is offline
Spam Deminer
 
Join Date: May 2009
Posts: 248
Default

I'm so tempted to get one of those pine phones or their laptops.

Here's NetBSD booting on a Nokia N900:

https://dmesgd.nycbug.org/index.cgi?do=view&id=3003

So maybe some are quietly working on phone support.
Reply With Quote
  #7   (View Single Post)  
Old 29th August 2020
thirdm thirdm is offline
Spam Deminer
 
Join Date: May 2009
Posts: 248
Default

Today I noticed a roadmaps directory in the NetBSD source tree with a file about mobile devices. It was last updated three years ago, so the situation may have since changed, but it doesn't look like there was much going on then, at least nothing known to the person who was good enough to update these roadmaps:

http://cvsweb.netbsd.org/bsdweb.cgi/..._with_tag=HEAD

It seems to me that for the time being Linux + the free software efforts on middleware and touch screen UIs is the only hope for a freely licensed (okay, some of you may not consider Linux's license to be free) non-android or iOS phone operating system. As a casual observer, PostmarketOS looks like the best bet of those efforts that are not trying to make Android with a different license, but I don't know all the efforts
Reply With Quote
  #8   (View Single Post)  
Old 9th September 2020
bradley bradley is offline
Fdisk Soldier
 
Join Date: Jul 2020
Posts: 53
Default

There was a project, which is related to defora.org (it's still active on github). Not sure how far they got.

https://www.bsdcan.org/2013/schedule...ments/246_Call your NetBSD.pdf

I guess postmarketOS is indeed your best bet (tailored for the pinephone). There is also Maemo Leste, which is Devuan based. Sailfish is also good, which OS has Linux roots. And UBports, which is Ubuntu Touch. The Librem 5 development PureOS (with Posh) is Debian/Gnome based if I recall correctly. I like postmarketOS with their Alpine base.
Reply With Quote
Reply

Tags
android, digital signal processor, smartphone

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Snowden's Working with Bunnie Haung to disable SmartPhone Tracking shep News 1 25th July 2016 03:10 PM
Mount Samsung Smartphone jjstorm OpenBSD General 6 2nd April 2016 01:41 AM
French parliament votes to penalise smartphone makers over encryption J65nko News 8 10th March 2016 08:47 PM
FreeBSD NeXTBSD Is Creating Lots Of BSD Excitement J65nko News 0 30th August 2015 04:01 PM
"thread taskq" process consumes lots of CPU relev FreeBSD General 0 23rd July 2008 02:03 PM


All times are GMT. The time now is 05:23 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick