summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhellekin <hellekin@dyne.org>2016-08-12 07:13:13 (GMT)
committerhellekin <hellekin@dyne.org>2016-08-12 07:13:13 (GMT)
commit3f36f771db7f7bb5e3e23606b5a23095dabe151c (patch)
tree20d7f229407cfc7619947f22fdf96face3876d64
parentfbc484eb1977b587814a03af506fc0fb8b66f1ad (diff)
downloadwww-0022.zip
www-0022.tar.gz
www-0022.tar.bz2
Phew, I finally understood what changed was to be done.0022
-rw-r--r--content/0022-about-the-asn.1-vulnerability.html34
1 files changed, 15 insertions, 19 deletions
diff --git a/content/0022-about-the-asn.1-vulnerability.html b/content/0022-about-the-asn.1-vulnerability.html
index 02f9a9f..802d4d5 100644
--- a/content/0022-about-the-asn.1-vulnerability.html
+++ b/content/0022-about-the-asn.1-vulnerability.html
@@ -79,14 +79,9 @@
<h2>How is Neo900 Affected?</h2>
-<!-- <p>The short answer is: although the modem in Neo900 may or may
- not be affected--we cannot know since <strong>all baseband
- chips are proprietary black box designs</strong>--Neo900 is
- designed to not trust the modem.</p>
--->
- <p>The short answer is: even if the modem in Neo900 were
- compromised, it couldn't spread infection to the rest of the
- system like it would on most smartphones. To know why, read on.</p>
+ <p>The short answer is: this vulnerability that potentially
+ plagues most commercial phones on the planet, won't affect
+ Neo900 like it will other devices.</p>
<p>In
our <a href="https://neo900.org/news/paypal-resumes-neo900-sources-again">last
@@ -121,19 +116,20 @@
</ul>
</p>
- <p>Therefore this vulnerability that potentially plagues most
- commercial phones on the planet, won't affect Neo900 like it
- will other devices. In other designs where RAM is shared and a
- rogue modem can access the power supply at will, the attack
- surface is infinitely larger, and exploiting a vulnerability
- such as the <abbr>ASN.1</abbr> bug will grant access to the
- whole system.</p>
+ <p>Therefore, although the modem in Neo900 may or may not be
+ affected&mdash;we cannot know since <strong>all baseband chips
+ are proprietary black box designs</strong>&mdash;Neo900 is
+ designed to not trust the modem. In other designs where RAM is
+ shared and a rogue modem can access the power supply at will,
+ the attack surface is infinitely larger, and exploiting a
+ vulnerability such as the <abbr>ASN.1</abbr> bug will grant
+ access to the whole system.</p>
<p>But with Neo900, the attack surface is much reduced, and a
- compromised modem would only to subvert the <abbr>CPU</abbr> in
- the presence of subsequent major vulnerabilities. As long as
- there's no proprietary vulnerable binary blobs in the
- Neo900 <abbr title="Application Processor
+ compromised modem would only be able to subvert
+ the <abbr>CPU</abbr> in the presence of subsequent major
+ vulnerabilities. As long as there's no proprietary vulnerable
+ binary blobs in the Neo900 <abbr title="Application Processor
Environment">APE</abbr>, we consider the chance of a modem bug
bubbling up to the rest of the system without a way to control
it and fix it in software negligible.</p>