Andrew McGlashan via luv-talk wrote:
Hi,
On 19/06/18 19:01, Rohan McLeod via luv-talk wrote:
Assembled cognoscenti;
in the context of the current national security concerns,
regarding ZTE and Huawei. Any hardware from any supplier is suspect; Intel ME, Spectre, Meltdown .... that's just for starters.
Most mobile phones are built on a "base" that the normal OS doesn't have access to as well (like Intel ME). You might have the most secure setup of Android, but still have that underlying layer that we cannot control and which may be vulnerable -- just like the mobile phone network (SS7 vulnerabilities for starters there).
With chips (silicon), geting so small, it can hide all sorts of things that can't be detected without super magnification. Heck, with port knocking type of behaviour, a "backdoor" hardware component may be kept completely inactive until a specific set of operations (electrically) pass through it's pins on the motherboard, or even specific NFC type interaction with a close by device.
Yep, we've been there, but how far do you want to go?
Well it's not really how far I want to go; if I was a multi-billion dollar company whose market share depends on my credibility; then when some government agency; wants to pressure me into inserting a back-door, into the hardware or software of my mobile phone design, then I am gambling that credibility against the possibility that some time in the future, it will not be discovered, -by a reverse design engineer in a opposition company - by loose talk or whistle-blower in that government agency - by the idle curiosity of some hardware or software hacker ......." are you feeling lucky punk ?:-) regards Rohan McLeod