There is some speculation being bandied about that this is a rooted phone proof OTA update mechanism for the Samsung Android system, or some such. But it's insecurity-by-obscurity in that case, and irresponsible.
At which point, it seems like a good time to declare that this is my personal opinion and not that of my new employer Blackphone (Silent Circle/Geeksphone joint venture), where I am now serving as Privacy Evangelist, which has to be the most delightful non-oxymoronic job title EVAH! *gryn*

On Wed, Mar 12, 2014 at 5:32 PM, Andrés Leopoldo Pacheco Sanfuentes <alps6...@gmail.com> wrote:

> Did they get PAID!! ? 'cause those devices are VERY EXPENSIVE!!!
>
> Best Regards | Cordiales Saludos | Grato,
>
> Andrés L. Pacheco Sanfuentes
> <a...@acm.org>
> +1 (817) 271-9619
>
> On Wed, Mar 12, 2014 at 4:15 PM, John Sullivan <jo...@fsf.org> wrote:
> > (Sharing this from
> > <https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor>.)
> >
> > # Replicant developers find and close Samsung Galaxy backdoor
> >
> > *This is a guest post by [Replicant](http://replicant.us) developer Paul Kocialkowski. The Free Software Foundation supports Replicant through its Working Together for Free Software fund. [Your donations](https://crm.fsf.org/civicrm/contribute/transact?reset=1&id=19) to Replicant support this important work.*
> >
> > Today's phones come with two separate processors: one is a general-purpose applications processor that runs e.g. Android; the other, known as the modem, baseband or radio, is in charge of communications with the mobile telephony network. This processor always runs a proprietary operating system, and these systems are known to have back-doors that make it possible to remotely convert the modem into a remote spying device. The spying can be operated using the device's microphone, but it could also use the precise GPS location of the device and access the camera, as well as the user data stored on the phone. Moreover, modems are connected most of the time to the operator's network, making the back-doors nearly always accessible.
> >
> > It is possible to build a device that isolates the modem from the rest of the phone, so it can't mess with the main processor or access other components such as the camera or the GPS. Very few devices offer such guarantees. In most devices, for all we know, the modem may have total control over the applications processor and the system, but that's nothing new.
> >
> > While working on [Replicant](http://replicant.us), a fully free/libre version of Android, we discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a back-door that lets the modem perform remote file I/O operations on the file system. This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write and delete files on the phone's storage. On several phone models, this program runs with sufficient rights to access and modify the user's personal data. A technical description of the issue, as well as the list of known affected devices is available at the Replicant wiki:
> > <http://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoor>.
> >
> > Provided that the modem runs proprietary software and can be remotely controlled, that back-door provides remote access to the phone's data, even in the case where the modem is isolated and cannot access the storage directly. This is yet another example of what unacceptable behavior proprietary software permits! Our free replacement for that non-free program does not implement this back-door. If the modem asks to read or write files, Replicant does not cooperate with it.
> >
> > Replicant does not cooperate with back-doors, but if the modem can take control of the main processor and rewrite the software in the latter, there is no way for a main processor system such as Replicant to stop it. But at least we know we have closed one back-door.
> >
> > --
> > John Sullivan | Executive Director, Free Software Foundation
> > GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS
> >
> > Do you use free software? Donate to join the FSF and support freedom at
> > <http://www.fsf.org/register_form?referrer=8096>.
> > --
> > Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.

--
Shava Nerad
shav...@gmail.com