On 07/29/2013 02:10 PM, Matthew Cengia wrote:
On 2013-07-29 13:44, nic wrote: [...]
any carrier you connect to via GSM can send push OTA to your phone/sim its not an android update but a FTOA update of one of the proprietary blobs on your handset once they have that level access its game over. hence the problematic nature of the closed source baseband drivers and direct memory access given to the modem on most phones.
Nic,
Could you please make a more concerted effort to use full sentences with proper grammar and punctuation? Your first sentence above is very difficult to understand.
I shall do my best.
I've not investigated this sort of update before, but based on the little I grasped from your email I'd be interested to learn more about how, when, and why these updates are deployed.
http://en.wikipedia.org/wiki/FOTA_(technology) http://en.wikipedia.org/wiki/FUMO http://en.wikipedia.org/wiki/OMA_DM The above is ok for a very basic overview of the updating process allowing updating of the baseband via a number of ways. Below is focussed on exploiting the baseband rather than a malicious update its interesting given this was a non-nation state attacker, so they did not have the advantage of a "relationship" with a carrier/operator https://www.usenix.org/system/files/conference/woot12/woot12-final24.pdf