© 2019 Aitchison Reid Consulting Pty Ltd, a company incorporated in Australia. Trading as ARC Solutions and Aitchison Reid Consulting. ACN 158 303 774. ABN 56 347 951 609.

 

Disclaimer: The commentary and information on this website is not legal advice, IT, risk, management or general advice. Seek advice on matters of interest arising from the commentary and information on this website. Any reference made on this website to law practice Aitchison Reid Pty Ltd or Aitchison Reid Consulting Pty Ltd does not imply any warranty or any guarantee from Aitchison Reid Pty Ltd or Aitchison Reid Consulting Pty Ltd for the reference made. 

 

 

Terms of Use & Privacy Policy | News & Publications | About Us | Contact

 

.

    • Twitter Clean Grey
    • Facebook Clean Grey
    • LinkedIn Clean Grey

    The basic anatomy of a mobile smartphone

     

     

    Simple Really

     

    A mobile smartphone has two primary processing units: its baseband processor (BP) and its application processor (AP).

     

    See details from Weinmann's 2012 paper "Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks":

     

    “the majority of modern smartphones contain at least two CPUs, the application processor, which handles the user interface and runs the applications installed by the user and a second CPU, the baseband processor, that handles connectivity to the cellular network.

     

    Some smartphone designs use a shared-memory architecture where the baseband processor can access all of the application processor’s memory space while other designs have better isolation, i.e. the baseband processor and the application processor have separate memories and exchange messages through dedicated communication channel”.

     

    Implications?

     

    "Successful exploitation of memory corruption in GSM baseband software stacks provides an attacker with access to privacy-relevant hardware of the telephone."

     

    "Audio routing on the majority of chipsets is done on the baseband CPU, which means that it has access to the built-in microphone; similarly for built-in cameras."

     

    "An attacker that has taken control over the baseband side of a telephone can monitor a user completely transparently – without visibility of the compromise from the side of the application CPU."

     

    "Furthermore, given the large quantities of RAM available to the baseband on some phones, surreptitious room monitoring is possible: Simply record the audio from the microphone and store the compressed audio data to ring buffer in RAM. The payload then waits until a data connection is established and piggy-backs onto it, sending out the compressed recording to a server of its choice."

     

    "A second obvious set of problems revolves around billing issues: once the attacker has control over the baseband he can place calls, send premium SMSes or cause large data transfers unbeknownst to the owner of the phone. This obviously can cause problems for both carriers and end-users."

     

    Solutions?

     

    1. Use a smartphone with a built-in baseband firewall which detects attacks against the phone's baseband processor. The solution is available to private individuals, businesses and organisations, and governments.
       

    2. Use trusted, reputable, transparent and open-source orientated end to end encrypted communication applications on your mobile smartphone (such as Wire or Signal, or the Cryptophone app on the CP500i). The solution is available to private individuals, businesses and organisations, and governments.
       

    3. Deploy mitigation against "over the air" (i.e., IMSI catchers) and "over the network" (i.e., SS7 exploits) attacks. The solutions are available to businesses and organisations, governments and cellular network carriers.

     

    Need help?

     

    Contact us at ARC Solutions anytime. We can help you with acquiring, deploying and using the solutions listed above.

     

    Unencrypted open email: info@arcsolutions.com.au, cryptophone@arcsolutions.com.au, overwatch@arcsolutions.com.au, oversight@arcsolutions.com.au

     

    Encrypted email: send us an email from a Tutanota account to info@arcsolutions.com.au; the email will be end-to-end encrypted.

     

    Please reload

    Featured Posts

    Cyber attacks pretending to be payment schedules

    March 28, 2018

    1/6
    Please reload

    Recent Posts
    Please reload

    Archive