@laginimaineb "the utilisation of hardware components remains as it is, and is currently not mitigated against": not sure I understand 100%
-
-
Replying to @scarybeasts @laginimaineb
Could the host driver apply physical mem range restrictions to the WiFi SoC DMA if it wanted to, or are we screwed?
2 replies 0 retweets 0 likes -
Replying to @scarybeasts
I don't know. There are IOMMUs for other components, it's not clear if one can be used for the Wi-Fi chip. Same applies for Exynos.
2 replies 0 retweets 0 likes -
Replying to @laginimaineb
Sooo... can of worms time. Can code on the cellular SoCs smash arbitrary physical RAM too?
4 replies 0 retweets 1 like -
Replying to @scarybeasts @laginimaineb
That's what I was warning about in my first talks about baseband attacks in 2010. Qualcomm has learned their lesson and has protections.
1 reply 0 retweets 1 like -
Replying to @esizkur @laginimaineb
Protections against what? Whitehat researchers?
1 reply 1 retweet 2 likes -
Replying to @scarybeasts @laginimaineb
An XPU (protection unit) is configured at bootup to restrict the physical memory range the baseband is allowed to access to a small buffer.
1 reply 0 retweets 1 like -
Unfortunately XPUs are seriously underdocumented and there have been misconfigurations in the past. Also, there are other ways to escalate.
1 reply 0 retweets 1 like
This is just bad design. Shouldn't have to rely on proper config. Hardware topology should be such that access to system mem is impossible.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.