
Re: Installing Debian on an android device



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Jul 09, 2017 at 05:00:26PM +0200, deloptes wrote:

[...]

> As for some conspiracy chips with embedded rom .... if you have basic
> engineering knowledge you could easily identify all of it and to my
> knowledge it is not trivial to embed such a chip into a mass product,
> especially a mobile phone.

If you want some fascinating reading, see [1] [2]: a researcher from
Google's Zero Day project found bugs in the firmware of a widespread
Broadcom SoC (used in many well-known smartphones). Specifically some
buffer overflows in the WiFi subsystem (a processor on its own, with
its own firmware, but sharing the main processor's RAM, it seems).

He could produce a proof-of-concept exploit in which prepared WiFi
packets could first take over the WiFi processor, then from there the
main processor. No user interaction needed: just the WiFi has to be
listening.

No need for the bad guys to shoehorn a spy processor on your machine.
There are enough already in there (Intel's ME, disk controllers, what
not) with enough vulnerabilities ready to do the NSA's bidding (or FSB,
or whoever is your favourite enemy these days).

Cheers, indeed :-)

[1] https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
[2] https://googleprojectzero.blogspot.de/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html
- -- t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlliTzYACgkQBcgs9XrR2kYb9wCbBSmZr1cZHcrC0abG34LjDcvr
qcQAn0LeCfpNuRNsAiBW2JckR/i6bws/
=6oWQ
-----END PGP SIGNATURE-----

