On 29 July 2013 15:31, nic <nic@404ed.org> wrote:
I've not investigated this sort of update before, but based on the little I grasped from your email I'd be interested to learn more about how, when, and why these updates are deployed.
http://en.wikipedia.org/wiki/FOTA_(technology) http://en.wikipedia.org/wiki/FUMO http://en.wikipedia.org/wiki/OMA_DM The above is ok for a very basic overview of the updating process allowing updating of the baseband via a number of ways.
Below is focussed on exploiting the baseband rather than a malicious update its interesting given this was a non-nation state attacker, so they did not have the advantage of a "relationship" with a carrier/operator
https://www.usenix.org/system/files/conference/woot12/woot12-final24.pdf
Thanks for the links. According to http://en.wikipedia.org/wiki/OMA_DM, it only applies to certain phones. Only one really old Android phone appears in the list. Are you sure this is an issue? Yes, more companies are listed under http://en.wikipedia.org/wiki/FOTA_(technology), however I think this is a more generic thing, and probably applies to the Android updates. -- Brian May <brian@microcomaustralia.com.au>