Conversation

dropping CCs at request Anyway, all said I agree with you. But the concerns you mention here are also true of Android devices. I would rather have physically replaceable radio modules and then work on reveng or memory isolating the drivers. twitter.com/DanielMicay/st

This Tweet is unavailable.

Replying to

Big difference between a device with components that are strongly hardened, highly audited and have good ongoing security support vs. the complete opposite. Also, portraying it backwards by misinterpreting how DMA / IOMMUs work is just wrong.

Lance R. Vick ( @lrvick@mastodon.social )

@lrvick

Sep 11, 2020

Replying to

@DanielMicay

You can't claim hardware is secure you can't see the firmware for. Tomorrow's update could be hostile. You present a fair argument though. We either design to distrust the radios, or we might as well blindly trust their updates. I am convinced here.

Replying to

Devices you're talking about have entirely closed source hardware and firmware. If you choose components that are known to be insecure and also don't apply fixes to known security vulnerabilities, backdoors are a non-issue, because you have the front door wide open to attackers.

Lance R. Vick ( @lrvick@mastodon.social )

@lrvick

Sep 11, 2020

Replying to

@DanielMicay

There are no alternative components today and we both know it. This is why I like that they are separate hardware modules I can physically replace once an alternative exists with hope to find SoC feature to jail drivers in the short term.

Replying to

So how does it help to use an SoC platform with far worse security and isolation, and then ship it in a way that's not set up in a proper way for production and is a massive step backwards from the mainstream status quo? I don't get it.

Lance R. Vick ( @lrvick@mastodon.social )

@lrvick

Sep 11, 2020

Replying to

@DanielMicay

I don't know enough about the isolation options of the SoC here yet so I can't speak to that. But as I stated three times, I agree with you. We need to either be able to have SoC features to distrust the radios, or have replaceable radios to swap to trustworthy ones later.

Lance R. Vick ( @lrvick@mastodon.social )

Replying to

and

The latter is supported, the former I don't know at this time and need to research

Daniel Micay

@DanielMicay

Replying to

@lrvick

The SoC has a ton of components itself, not just the massive complexity of the CPUs and GPU. It's the core of the security for a phone, and you can't just ship an over-the-air SoC update after the fact. Firmware / microcode allows flaws to be fixed with updates, hardware doesn't.

5:33 PM · Sep 11, 2020Twitter Web App

Replying to

and

Hardware and firmware security really does matter a lot. For example, the GPU security model / implementation. A lot of GPU vendors don't do much to stop trivial exploitation leading to not just gaining access to all graphics but more powerful memory access than even the kernel.