Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

"the Fairphone is fatally flawed for security"
From: Bernhard Kuemel <bernhard () bksys at>
Date: Sun, 05 Jan 2014 03:55:12 +0100

Hi!

The fairphone (http://www.fairphone.com/) is a socially fairly produced
smartphone, similar to fairtrade products.

http://replicant.us/2013/11/fairphone/ says:

"However, things are not looking so good when it comes to evaluating the
platform that was chosen for the Fairphone: the modem is embedded in the
System on a Chip (SoC) which leads us to believe that it is poorly
isolated from the rest of the platform and could access critical
components such as storage, RAM, GPS and audio (microphone) of the
device. If this was to be the case (we can only speculate about what the
truth actually is), it would mean that the Fairphone is fatally flawed
for security as it makes it possible for the phone to be converted to a
remote spying device."

Can you tell me what attack vectors might exploit this vulnerability?
Does there need to be a back door in the SoC? Can that be exploited by
sending "audio" signals to the modem? Or is this secure if no back door
was installed by the SoC manufacturer? But I guess we can't really know
that. OTOH, there could also be a back door in the CPU, right? What
makes the modem so "easy" to exploit?

Thanks, Bernhard

-- 
Encrypt emails.
My GPG key is on public key servers.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]