The Hidden Operating System...

... in your Smartphone

Every smartphone or other device with mobile communications capability (e.g. 3G or LTE) runs more than the end-user operating system (Android, iOS, PalmOS). Alongside it runs a small hidden operating system that manages everything related to radio. Because this functionality is highly timing-dependent, a real-time operating system is required. Qualcomm is the leader, with a 72% market share for its AMSS.

This hidden operating system is closed source, stored in firmware, and runs on the baseband processor. The baseband processor is usually the master in your smartphone, with full control over all hardware such as the microphone and camera, whereas the application processor (which runs the Linux kernel and the end-user operating system) is the slave.

The closed software of the hidden operating system is poorly understood, poorly documented and not secure, as there is no proper peer review. The standards that govern how baseband processors work were designed with a '90s attitude towards security. Each security analysis required reverse engineering of the closed software. Some research results have been published in recent years:

  • Security researcher Ralf-Philipp Weinmann presented a remote code execution attack with only 73 bytes at DeepSec 2010. He opened a backdoor on Androids and iPhones and activated the microphones remotely: All Your Baseband Are Belong To Us.

  • In 2013 Weinmann presented an improved attack at PacSec: Hexagon challenges.

  • A telecommunications security research group at the Technical University of Berlin was able to hack phones and block calls and texts intended for nearby people connected to the same cellular network. They demonstrated that the attack has very low hardware requirements, using only smartphones. It was presented at the 22nd USENIX Security Symposium: firmware tweak block subscriber.

Law enforcement agencies may have access to the hidden operating system too (by exploit or backdoor?). In 2006 the FBI turned the phones of the mafia bosses Ardito and Peluso into spying bugs by activating the microphones remotely. This was 4 years before Weinmann presented the first civilian research results on baseband hacking.

... in your Car

As of Oct. 2015 all new cars in the EU have to be equipped with an eCall system. This small "mobile phone" will send automated emergency calls in case of a crash to alert emergency services more quickly.

Privacy advocates are alarmed about this. Will all location tracking services for mobile phones work for cars too in the near future?

  • The EU data retention law may force mobile communication providers to keep the location data for each smartphone for 6 months and more. Will this affect cars with eCall systems too?

  • The NSA is tracking cellphone locations worldwide. Not only cellphones but cars too in the future?

  • Silent SMS may locate cars very precisely without the need for a GPS tracking module.

  • .... and more

Privacy advocates in the EU parliament asked for a clear restriction on the use of eCall location data, limiting it to locating crashes. (Why can't I calm down by reading this?)

