author hellekin <> 2016-08-07 19:48:21 +0000
committer hellekin <> 2016-08-07 19:48:21 +0000
commit 853ab685ee0b2dac69eb69595465a8f0303fea2d
parent 93b6cc9b831191109348c8278819e5fbe045a20c
More on ASN.1 vulnerability in Neo900 vs. other devices
1 files changed, 25 insertions, 5 deletions
diff --git a/content/0021-migrating-away-from-eagle-to-kicad.html b/content/0021-migrating-away-from-eagle-to-kicad.html
index 7d38df3..2b6765d 100644
--- a/content/0021-migrating-away-from-eagle-to-kicad.html
+++ b/content/0021-migrating-away-from-eagle-to-kicad.html
@@ -91,8 +91,9 @@
phone that provides a hardware protection from remote activation
of the baseband chip</strong></q>.</p>
- <p>In fact, the GTA0x design of Neo 1973 and Neo FreeRunner, that
- Neo900 builds upon, contains two unique features:
+ <p id="anchor-gta0x">In fact, the
+ <a href="#note-gta0x"><strong>GTA0x</strong> design</a>
+ contains two unique features:
<li>the modem is detached from the power source, unlike other
smartphones, so that the modem has to be authorized by
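Review bot: The rewritten opening sentence (the `<p id="anchor-gta0x">` line) no longer says that Neo900 builds on the GTA0x design, so the argument about Neo900's protection now depends on the reader following the `#note-gta0x` link to learn the relationship. Suggest keeping that clause in the body, for example "the GTA0x design that Neo900 builds upon contains two unique features:", and leaving only the list of devices for the footnote.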
@@ -103,7 +104,8 @@
action, could take control of memory segments pertaining to
other subsystems and inject malicious code.</li>
- Thanks to this design, the <abbr>CPU</abbr> has the capacity to monitor:
+ Neo900 takes advantage of this and incorporates circuitry to
+ give the <abbr>CPU</abbr> the capacity to monitor:
<li>the modem access to power and its consumption</li>
<li>the activity of the modem antenna</li>
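Review bot: In the added sentence "Neo900 takes advantage of this and incorporates circuitry to", the word "this" has no clear antecedent after the two list items; name it ("these two features" or "this separation"). The wording also shifts the claim from the design itself giving the CPU its monitoring capacity to Neo900 adding circuitry for it, so it would help to say which of the monitored items that follow rely on the added circuitry.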
@@ -115,8 +117,20 @@
- <p>Therefore this vulnerability that potentially plagues all
- commercial phones on the planet, won't affect Neo900.</p>
+ <p>Therefore this vulnerability that potentially plagues most
+ commercial phones on the planet, won't affect Neo900 like it
+ will other devices. A rare combination of hardware
+ vulnerability in the USB connecting the modem to the CPU and a
+ software vulnerability would have a remote chance to do
+ that. In other designs where RAM is shared and a rogue modem
+ can access the power supply at will, the attack surface is
+ infinitely larger, and exploiting a vulnerability such as the
+ ASN.1 bug will grant access to the whole system. As long as
+ there's no proprietary vulnerable binary blobs in the
+ Neo900 <abbr title="Application Processor
+ Environment">APE</abbr>, the chance of a modem bug bubbling up
+ to the rest of the system without a way to control it and fix
+ it in software remains null.</p>
<p>Our exclusive Neo900 design is more valuable than ever!</p>
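Review bot: The added paragraph contradicts itself on residual risk: it first grants that "A rare combination of hardware vulnerability in the USB connecting the modem to the CPU and a software vulnerability would have a remote chance", then closes by saying the chance "remains null". Suggest replacing "null" and "infinitely larger" with bounded wording (for example "very low" and "much larger") and stating what "do that" refers to. Also, "there's no proprietary vulnerable binary blobs" should read "there are no", and the `title` value of the `<abbr>` is split across two lines, which puts a line break inside the attribute value.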
@@ -245,5 +259,11 @@
news? You can tell me: hellekin at neo900 dot org, or in the
+ <p id="note-gta0x" class="footnote">Footnote: from Openmoko Neo
+ 1973 and FreeRunner, to Golden Delicious GTA04 and maybe the
+ upcoming Pyra, and of course Neo900, GTA0x design supports modem
+ separation, although not power separation in Neo
+ 1973. <a href="#anchor-gta0x" title="back to text">^^</a></p>