A mobile smartphone has two primary processing units: its baseband processor (BP) and its application processor (AP).
Weinmann's 2012 paper "Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks" gives the details:
"the majority of modern smartphones contain at least two CPUs, the application processor, which handles the user interface and runs the applications installed by the user and a second CPU, the baseband processor, that handles connectivity to the cellular network.
Some smartphone designs use a shared-memory architecture where the baseband processor can access all of the application processor’s memory space while other designs have better isolation, i.e. the baseband processor and the application processor have separate memories and exchange messages through dedicated communication channel."
"Successful exploitation of memory corruption in GSM baseband software stacks provides an attacker with access to privacy-relevant hardware of the telephone."
"Audio routing on the majority of chipsets is done on the baseband CPU, which means that it has access to the built-in microphone; similarly for built-in cameras."
"An attacker that has taken control over the baseband side of a telephone can monitor a user completely transparently – without visibility of the compromise from the side of the application CPU."
"Furthermore, given the large quantities of RAM available to the baseband on some phones, surreptitious room monitoring is possible: Simply record the audio from the microphone and store the compressed audio data to ring buffer in RAM. The payload then waits until a data connection is established and piggy-backs onto it, sending out the compressed recording to a server of its choice."
"A second obvious set of problems revolves around billing issues: once the attacker has control over the baseband he can place calls, send premium SMSes or cause large data transfers unbeknownst to the owner of the phone. This obviously can cause problems for both carriers and end-users."
Use a smartphone with a built-in baseband firewall which detects attacks against the phone's baseband processor. The solution is available to private individuals, businesses and organisations, and governments.
Use trusted, reputable, transparent and open-source-oriented end-to-end encrypted communication applications on your smartphone (such as Wire or Signal, or the Cryptophone app on the CP500i). The solution is available to private individuals, businesses and organisations, and governments.
Deploy mitigations against "over the air" (i.e., IMSI catchers) and "over the network" (i.e., SS7 exploits) attacks. The solutions are available to businesses and organisations, governments and cellular network carriers.
Contact us at ARC Solutions anytime. We can help you with acquiring, deploying and using the solutions listed above.
Unencrypted open email: email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
Encrypted email: send us an email from a Tutanota account to email@example.com; the email will be end-to-end encrypted.