author | hellekin <hellekin@dyne.org> | 2016-08-11 15:46:34 +0000 |
---|---|---|
committer | hellekin <hellekin@dyne.org> | 2016-08-11 15:46:34 +0000 |
commit | 74943f8feb8588647b61b48687233a1c16a81a0e (patch) | |
tree | f1c07b2caa96b1e26d92083e751f04ec98581107 | |
parent | 398b6259a24d496ae03359944846a994192243a1 (diff) | |
Finalize article
-rw-r--r-- | content/0022-about-the-asn.1-vulnerability.html | 72 |
1 files changed, 39 insertions, 33 deletions
diff --git a/content/0022-about-the-asn.1-vulnerability.html b/content/0022-about-the-asn.1-vulnerability.html index b546344..f3ae90d 100644 --- a/content/0022-about-the-asn.1-vulnerability.html +++ b/content/0022-about-the-asn.1-vulnerability.html 
@@ -21,30 +21,35 @@ <h1 id="asn1-vulnerability">ASN.1 Vulnerability</h1> <p>Following the decision of <abbr title="National Institute for - Standards and Technology">NIST</abbr> to deprecate usage of SMS in - two-factor authentication (we'll come back on this in an upcoming - installment), this vulnerability disclosure confirms the interest - of the unique design of Neo900 that isolates the baseband chip - from power supply, making it dependent on the <abbr title="Central - Processing Unit">CPU</abbr> (and the <abbr title="Operating + Standards and Technology">NIST</abbr> to deprecate usage of SMS + in two-factor authentication, this vulnerability disclosure + confirms the pertinence of the unique design of Neo900 that, + among other features, isolates the baseband chip (modem), making + it dependent on the <abbr title="Central Processing + Unit">CPU</abbr> (and the <abbr title="Operating System">OS</abbr>) to access anything else on the system, and preventing remote activation of the chip in the first place.</p> <p>Lucas Molas of <em>Programa STIC</em> discovered a <cite>Heap - memory corruption in ASN.1 parsing code generated by Objective - Systems Inc. ASN1C compiler for C/C++</cite> potentially affecting - billions of phone users worldwide. The proprietary software - vendor received a bug report via <em>plain text email</em> on - June, 1<sup>st</sup>, 2016, according to + memory corruption in <abbr title="Abstract Syntax Notation + One">ASN.1</abbr> parsing code generated by Objective Systems + Inc. ASN1C compiler for C/C++</cite> potentially affecting + billions of phone users worldwide. 
+ <q cite="http://www.itu.int/en/ITU-T/asn1/Pages/Application-fields-of-ASN-1.aspx"> + <abbr>ASN.1</abbr> is used in many protocols and data formats, + including cellular telephony.</q> + The proprietary software vendor received a bug report + via <em>plain text email</em> on June, 1<sup>st</sup>, 2016, + according to the <a href="https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080/">CVE-2016-5080</a> released on July, 18<sup>th</sup>, 2016 to the public in a coordinated release with the vendor.</p> - <blockquote>Abstract Syntax Notation One (<abbr title="Abstract - Syntax Notation One">ASN.1</abbr>) is a technical standard and - formal notation that describes rules and structures for - representing, encoding, transmitting, and decoding data in - telecommunications and computer networking.</blockquote> + <blockquote>Abstract Syntax Notation One (<abbr>ASN.1</abbr>) is + a technical standard and formal notation that describes rules + and structures for representing, encoding, transmitting, and + decoding data in telecommunications and computer + networking.</blockquote> <blockquote>A vulnerability found in the runtime support libraries of the ASN1C compiler for C/C++ from Objective 
@@ -68,13 +73,16 @@ that <q>memory corruption bugs in <abbr>ASN.1</abbr> related components of an <abbr title="Long Term Evolution">LTE</abbr> stack have been announced or hinted at in several infosec - conference presentations over the past few weeks and its likely - the same or similar bugs will become public soon.</q></p> + conference presentations over the past few weeks and its (sic) + likely the same or similar bugs will become public + soon.</q></p> <h2>How is Neo900 Affected?</h2> - <p>The short answer is: Neo900 is not affected. Keep reading to - know why.</p> + <p>The short answer is: although the modem in Neo900 may or may + not be affected--we cannot know since <strong>all baseband + chips are proprietary black box designs</strong>--Neo900 is + designed to not trust this chip.</p> <p>In our <a href="https://neo900.org/news/paypal-resumes-neo900-sources-again">last @@ -84,7 +92,7 @@ <p id="anchor-gta0x">In fact, the <a href="#note-gta0x"><strong>GTA0x</strong> design</a> contains - two unique features: + two unique features to detect and/or prevent suspect activity: <ul> <li>the modem is detached from the power source, unlike other smartphones, so that the modem has to be authorized by @@ -92,7 +100,7 @@ <li>the modem and the <abbr>CPU</abbr> <strong>do not share <abbr title="Random Access Memory">RAM</abbr>, which prevents a whole range of attack vectors where a rogue - baseband chip, either by design, by "lawful" or illegal + baseband chip, either by design, by "lawful", or by illegal action, could take control of memory segments pertaining to other subsystems and inject malicious code.</li> </ul> 
@@ -117,15 +125,14 @@ such as the <abbr>ASN.1</abbr> bug will grant access to the whole system.</p> - <p>But with Neo900, only a rare combination of hardware - vulnerability in the <abbr title="Universal Serial - Bus">USB</abbr> connecting the modem to the <abbr>CPU</abbr>, - and a software vulnerability would have a remote chance to do - that. As long as there's no proprietary vulnerable binary blobs - in the Neo900 <abbr title="Application Processor - Environment">APE</abbr>, the chance of a modem bug bubbling up - to the rest of the system without a way to control it and fix - it in software remains null.</p> + <p>But with Neo900, the attack surface is much reduced, and a + compromised modem would only to subvert the <abbr>CPU</abbr> in + the presence of subsequent major vulnerabilities. As long as + there's no proprietary vulnerable binary blobs in the + Neo900 <abbr title="Application Processor + Environment">APE</abbr>, we consider the chance of a modem bug + bubbling up to the rest of the system without a way to control + it and fix it in software negligible.</p> <p>Our exclusive Neo900 design is more valuable than ever!</p> @@ -135,8 +142,7 @@ <p>P.S.: Feedback is welcome! Did you enjoy reading this post? What else should it have covered? What do you want to read in the - news? You can tell me: hellekin at neo900 dot org, or in the - comments.</p> + news? You can tell me: hellekin at neo900 dot org.</p> <p id="note-gta0x" class="footnote">Footnote: from Openmoko Neo 1973 and FreeRunner, to Golden Delicious GTA04 and maybe the |
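Review bot: In the first hunk (@@ -21,30 +21,35), the rewritten clause "isolates the baseband chip (modem), making it dependent on the CPU" no longer says what the chip is isolated from; the removed wording had "from power supply". The feature list further down still describes the modem as "detached from the power source", so I would keep the object here, for example "isolates the baseband chip (modem) from the power supply", to keep the security claim concrete and consistent with the list.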
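Review bot: In the hunk at @@ -68,13 +73,16, "(sic)" is placed inside the `<q>` element in round brackets, so it reads as part of the quoted words. Use square brackets, "its [sic] likely", which is the usual marker for an editorial insertion in a quotation. In the same hunk the new short answer uses "--" as a dash on both sides of "we cannot know since..."; an HTML dash entity or commas would render better.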
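Review bot: In the hunk at @@ -92,7 +100,7, the change to `by "lawful", or by illegal action` leaves "lawful" without a noun: the old text read as ("lawful" or illegal) action, while the new one has three "by" items and the middle one is incomplete. Suggest `by "lawful" action, or by illegal action`, or keep the original two-way form.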
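Review bot: In the hunk at @@ -117,15 +125,14, "a compromised modem would only to subvert the CPU" is missing a verb; it probably wants "would only be able to subvert the CPU". The replacement also drops the removed text's mention of the USB link connecting the modem to the CPU in favour of "subsequent major vulnerabilities", which no longer tells the reader where the remaining attack surface sits; consider naming the USB interface again. Minor: "there's no proprietary vulnerable binary blobs" should be "there are no".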