On Fri, Aug 22, 2014 at 10:24:09AM +1000, Trent W. Buck wrote:
Robin Humble wrote:
no phones are secure - android or not - I'm sure the .gov people who care can always break in through the GSM layer via a fake tower and then up to the OS 'cos it's all mmap'd. I don't see how mmap comes into it.
yeah, you're probably right - not via mmap (I was thinking of the OpenGL hardware and blobs), unless one of the proprietary and un-audited firmwares or binary daemons provides that convenience interface :) http://code.paulk.fr/article18/the-samsung-galaxy-back-door-was-bullshit-rea... perhaps the folks who made weak encryption and broken protocols http://en.wikipedia.org/wiki/A5/1 were so good at writing the binary GSM firmware blob that there are no remote bugs or buffer overflows in it. who knows. cheers, robin