29 Jul
2013
29 Jul
'13
6:29 a.m.
Brian May <brian@microcomaustralia.com.au> wrote:
https://www.usenix.org/system/files/conference/woot12/woot12-final24.pdf
Thanks for the links.
According to http://en.wikipedia.org/wiki/OMA_DM, it only applies to certain phones. Only one really old Android phone appears in the list.
Note however that the attacks described in the paper cited above don't rely on the delivery of firmware updates; they exploit security vulnerabilities in the GSM implementation. Thus there is cause for concern (about the binary-only drivers and what might be lurking therein) quite aside from the firmware updating mechanism.