author hellekin <hellekin@dyne.org> 2016-08-11 15:46:34 +0000
committer hellekin <hellekin@dyne.org> 2016-08-11 15:46:34 +0000
commit 74943f8feb8588647b61b48687233a1c16a81a0e (patch)
tree f1c07b2caa96b1e26d92083e751f04ec98581107
parent 398b6259a24d496ae03359944846a994192243a1 (diff)
Finalize article
-rw-r--r-- content/0022-about-the-asn.1-vulnerability.html 72
1 files changed, 39 insertions, 33 deletions
diff --git a/content/0022-about-the-asn.1-vulnerability.html b/content/0022-about-the-asn.1-vulnerability.html
index b546344..f3ae90d 100644
--- a/content/0022-about-the-asn.1-vulnerability.html
+++ b/content/0022-about-the-asn.1-vulnerability.html
@@ -21,30 +21,35 @@
<h1 id="asn1-vulnerability">ASN.1 Vulnerability</h1>
<p>Following the decision of <abbr title="National Institute for
- Standards and Technology">NIST</abbr> to deprecate usage of SMS in
- two-factor authentication (we'll come back on this in an upcoming
- installment), this vulnerability disclosure confirms the interest
- of the unique design of Neo900 that isolates the baseband chip
- from power supply, making it dependent on the <abbr title="Central
- Processing Unit">CPU</abbr> (and the <abbr title="Operating
+ Standards and Technology">NIST</abbr> to deprecate usage of SMS
+ in two-factor authentication, this vulnerability disclosure
+ confirms the pertinence of the unique design of Neo900 that,
+ among other features, isolates the baseband chip (modem), making
+ it dependent on the <abbr title="Central Processing
+ Unit">CPU</abbr> (and the <abbr title="Operating
System">OS</abbr>) to access anything else on the system, and
preventing remote activation of the chip in the first place.</p>
<p>Lucas Molas of <em>Programa STIC</em> discovered a <cite>Heap
- memory corruption in ASN.1 parsing code generated by Objective
- Systems Inc. ASN1C compiler for C/C++</cite> potentially affecting
- billions of phone users worldwide. The proprietary software
- vendor received a bug report via <em>plain text email</em> on
- June, 1<sup>st</sup>, 2016, according to
+ memory corruption in <abbr title="Abstract Syntax Notation
+ One">ASN.1</abbr> parsing code generated by Objective Systems
+ Inc. ASN1C compiler for C/C++</cite> potentially affecting
+ billions of phone users worldwide.
+ <q cite="http://www.itu.int/en/ITU-T/asn1/Pages/Application-fields-of-ASN-1.aspx">
+ <abbr>ASN.1</abbr> is used in many protocols and data formats,
+ including cellular telephony.</q>
+ The proprietary software vendor received a bug report
+ via <em>plain text email</em> on June, 1<sup>st</sup>, 2016,
+ according to
the <a href="https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080/">CVE-2016-5080</a>
released on July, 18<sup>th</sup>, 2016 to the public in a
coordinated release with the vendor.</p>
- <blockquote>Abstract Syntax Notation One (<abbr title="Abstract
- Syntax Notation One">ASN.1</abbr>) is a technical standard and
- formal notation that describes rules and structures for
- representing, encoding, transmitting, and decoding data in
- telecommunications and computer networking.</blockquote>
+ <blockquote>Abstract Syntax Notation One (<abbr>ASN.1</abbr>) is
+ a technical standard and formal notation that describes rules
+ and structures for representing, encoding, transmitting, and
+ decoding data in telecommunications and computer
+ networking.</blockquote>
<blockquote>A vulnerability found in the runtime support
libraries of the ASN1C compiler for C/C++ from Objective
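Review bot: the added `<abbr>ASN.1</abbr>` inside the ITU `<q>` and in the rewritten blockquote drop the `title` attribute, so the expansion now exists only on the first occurrence a few lines above; either keep `title="Abstract Syntax Notation One"` on each `<abbr>` or rely on the first expansion consistently throughout the page rather than mixing both. Two smaller points in the same paragraph: "June, 1<sup>st</sup>, 2016" reads better as "June 1<sup>st</sup>, 2016", and "the CVE-2016-5080 released on July, 18<sup>th</sup>" refers to the advisory, not the identifier, so "the CVE-2016-5080 advisory released on July 18<sup>th</sup>" is more accurate.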
@@ -68,13 +73,16 @@
that <q>memory corruption bugs in <abbr>ASN.1</abbr> related
components of an <abbr title="Long Term Evolution">LTE</abbr>
stack have been announced or hinted at in several infosec
- conference presentations over the past few weeks and its likely
- the same or similar bugs will become public soon.</q></p>
+ conference presentations over the past few weeks and its (sic)
+ likely the same or similar bugs will become public
+ soon.</q></p>
<h2>How is Neo900 Affected?</h2>
- <p>The short answer is: Neo900 is not affected. Keep reading to
- know why.</p>
+ <p>The short answer is: although the modem in Neo900 may or may
+ not be affected--we cannot know since <strong>all baseband
+ chips are proprietary black box designs</strong>--Neo900 is
+ designed to not trust this chip.</p>
<p>In
our <a href="https://neo900.org/news/paypal-resumes-neo900-sources-again">last
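Review bot: "(sic)" is placed inside the `<q>` element, so it reads as part of the quoted text; editorial insertions in a quotation are conventionally bracketed, "[sic]", and since the quoted slip ("its" for "it's") is minor it may be cleaner to drop the marker altogether.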
@@ -84,7 +92,7 @@
<p id="anchor-gta0x">In fact, the
<a href="#note-gta0x"><strong>GTA0x</strong> design</a> contains
- two unique features:
+ two unique features to detect and/or prevent suspect activity:
<ul>
<li>the modem is detached from the power source, unlike other
smartphones, so that the modem has to be authorized by
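Review bot: the double hyphen "--" used as a dash in the added paragraph is rendered literally in HTML; use an entity or restructure the sentence, e.g. "although the modem in Neo900 may or may not be affected (we cannot know, since all baseband chips are proprietary black-box designs), Neo900 is designed not to trust this chip". "Black box" as a compound adjective is hyphenated, and "designed to not trust" reads better as "designed not to trust".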
@@ -92,7 +100,7 @@
<li>the modem and the <abbr>CPU</abbr> <strong>do not share
<abbr title="Random Access Memory">RAM</abbr>, which
prevents a whole range of attack vectors where a rogue
- baseband chip, either by design, by "lawful" or illegal
+ baseband chip, either by design, by "lawful", or by illegal
action, could take control of memory segments pertaining to
other subsystems and inject malicious code.</li>
</ul>
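Review bot: the `<ul>` that follows the edited line sits inside the `<p id="anchor-gta0x">` opened just above it; a `<ul>` cannot be a child of `<p>`, so browsers close the paragraph implicitly and the markup is invalid. While touching this line, end it with `</p>` before the `<ul>` and remove the now-redundant `</p>` after the list. Also "suspect activity" should read "suspicious activity".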
@@ -117,15 +125,14 @@
such as the <abbr>ASN.1</abbr> bug will grant access to the
whole system.</p>
- <p>But with Neo900, only a rare combination of hardware
- vulnerability in the <abbr title="Universal Serial
- Bus">USB</abbr> connecting the modem to the <abbr>CPU</abbr>,
- and a software vulnerability would have a remote chance to do
- that. As long as there's no proprietary vulnerable binary blobs
- in the Neo900 <abbr title="Application Processor
- Environment">APE</abbr>, the chance of a modem bug bubbling up
- to the rest of the system without a way to control it and fix
- it in software remains null.</p>
+ <p>But with Neo900, the attack surface is much reduced, and a
+ compromised modem would only to subvert the <abbr>CPU</abbr> in
+ the presence of subsequent major vulnerabilities. As long as
+ there's no proprietary vulnerable binary blobs in the
+ Neo900 <abbr title="Application Processor
+ Environment">APE</abbr>, we consider the chance of a modem bug
+ bubbling up to the rest of the system without a way to control
+ it and fix it in software negligible.</p>
<p>Our exclusive Neo900 design is more valuable than ever!</p>
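Review bot: the added sentence is missing a verb: "a compromised modem would only to subvert the <abbr>CPU</abbr>" should read "a compromised modem would only be able to subvert the <abbr>CPU</abbr>", and "there's no proprietary vulnerable binary blobs" should be "there are no vulnerable proprietary binary blobs". The rewrite also drops the mention that the modem is connected to the CPU over USB, which the removed lines used to name the remaining attack surface; consider keeping that detail, since "the attack surface is much reduced" is otherwise left unsupported on the page.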
@@ -135,8 +142,7 @@
<p>P.S.: Feedback is welcome! Did you enjoy reading this post?
What else should it have covered? What do you want to read in the
- news? You can tell me: hellekin at neo900 dot org, or in the
- comments.</p>
+ news? You can tell me: hellekin at neo900 dot org.</p>
<p id="note-gta0x" class="footnote">Footnote: from Openmoko Neo
1973 and FreeRunner, to Golden Delicious GTA04 and maybe the