Author Topic: A new chapter in "C was a mistake", courtesy of Samsung  (Read 1996 times)


Offline Marco (Topic starter)

  • Super Contributor
  • ***
  • Posts: 7044
  • Country: nl
A new chapter in "C was a mistake", courtesy of Samsung
« on: March 17, 2023, 05:59:43 pm »
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html

Samsung was silly enough to leave its mobile phone baseband machine code out in the open ... and don't you know it, an ancient massive closed source C codebase with shared memory access to everything in mobile phones has buffer overflows as far as the eye can see. Who could have predicted that?

A little more obscurity and not letting the machine code escape into the wild (for non state actor level adversaries at least) would have helped of course. All programmers waking up a little sooner and realizing how utterly fucked software was the moment buffer overflows entered the field would have helped more.
 
The following users thanked this post: MK14

Online thm_w

  • Super Contributor
  • ***
  • Posts: 7527
  • Country: ca
  • Non-expert
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #1 on: March 17, 2023, 09:15:06 pm »
Yeah, that's crazy that it's even a possibility no matter how badly the code is written:

Quote
Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number.

Profile -> Modify profile -> Look and Layout ->  Don't show users' signatures
 

Offline Ed.Kloonk

  • Super Contributor
  • ***
  • Posts: 4000
  • Country: au
  • Cat video aficionado
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #2 on: March 17, 2023, 10:36:24 pm »
I remember when the 'open' phones started showing up and the total push-back they received from existing phone companies to release or even licence anything.

I suspected then that it was all un-audited garbage.
iratus parum formica
 

Offline tom66

  • Super Contributor
  • ***
  • Posts: 7336
  • Country: gb
  • Electronics Hobbyist & FPGA/Embedded Systems EE
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #3 on: March 17, 2023, 10:54:30 pm »
Been around for a while.
 
The following users thanked this post: thm_w

Offline tszaboo

  • Super Contributor
  • ***
  • Posts: 8218
  • Country: nl
  • Current job: ATEX product design
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #4 on: March 17, 2023, 11:17:16 pm »
Quote from: thm_w
Yeah, that's crazy that it's even a possibility no matter how badly the code is written:

Quote
Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number.

Almost feels like it was on purpose...
 

Offline rdl

  • Super Contributor
  • ***
  • Posts: 3667
  • Country: us
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #5 on: March 18, 2023, 02:32:11 am »
Quote
Until security updates are available, users who wish to protect themselves from the baseband remote code execution vulnerabilities in Samsung’s Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings. Turning off these settings will remove the exploitation risk of these vulnerabilities.

So, stop using your phone as a ... phone?
 

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15800
  • Country: fr
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #6 on: March 18, 2023, 02:41:25 am »
What exactly could be done by "remotely compromising" a phone?
Compromising it in what way? What are the risks for the end user?
 

Online ejeffrey

  • Super Contributor
  • ***
  • Posts: 4034
  • Country: us
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #7 on: March 18, 2023, 02:43:46 am »
Probably crypto mining, ddos botnets, and ransomware.  Not good.

 

Offline Marco (Topic starter)

  • Super Contributor
  • ***
  • Posts: 7044
  • Country: nl
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #8 on: March 18, 2023, 05:31:26 am »
Quote from: SiliconWizard
What exactly could be done by "remotely compromising" a phone?

Check if they have any crypto apps and clean them out.
 

Offline tom66

  • Super Contributor
  • ***
  • Posts: 7336
  • Country: gb
  • Electronics Hobbyist & FPGA/Embedded Systems EE
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #9 on: March 18, 2023, 10:40:15 am »
Quote from: SiliconWizard
What exactly could be done by "remotely compromising" a phone?
Compromising it in what way? What are the risks for the end user?

If you can crash the baseband by buffer overflow, you can arbitrarily read and write any memory on the processor.  The baseband is usually not restricted to the region of memory it can work in.

That means you can essentially compromise the phone, to the point where SMS messages (as others have pointed out) could be redirected, or you could break the security around payments and banking apps, or steal personal data.
 

Offline mendip_discovery

  • Super Contributor
  • ***
  • Posts: 1024
  • Country: gb
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #10 on: March 18, 2023, 11:10:22 am »
I have always had concerns about 2FA as it just turns the phone into the next point to attack.

Criminals are similar to a Virus, the most successful ones are good at evolving.

Motorcyclist, Nerd, and I work in a Calibration Lab :-)
--
So everyone is clear, Calibration = Taking Measurement against a known source, Verification = Checking Calibration against Specification, Adjustment = Adjusting the unit to be within specifications.
 

Offline tom66

  • Super Contributor
  • ***
  • Posts: 7336
  • Country: gb
  • Electronics Hobbyist & FPGA/Embedded Systems EE
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #11 on: March 18, 2023, 01:02:43 pm »
2FA in general is a good idea.  2FA by SMS is not a good idea (except as an enhancement to 1FA, but only just.)

I've noticed a fair few banks are moving away from it and using additional means of authentication, e.g. touch ID built into the phone.
 

Offline shapirus

  • Super Contributor
  • ***
  • Posts: 1721
  • Country: ua
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #12 on: March 18, 2023, 01:11:38 pm »
So, someone chops off his finger with an axe. Terrible!
Conclusion? Axes aren't safe.
Solution? Let's begin making axes from silicone instead of steel so nobody can chop their fingers off anymore.
 

Offline mendip_discovery

  • Super Contributor
  • ***
  • Posts: 1024
  • Country: gb
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #13 on: March 18, 2023, 01:55:01 pm »
Quote from: tom66
2FA in general is a good idea.  2FA by SMS is not a good idea (except as an enhancement to 1FA, but only just.)

I've noticed a fair few banks are moving away from it and using additional means of authentication, e.g. touch ID built into the phone.

2FA is good but it is in no way as strong as people are led to believe. I know an engineer involved in SIM card level stuff and I nodded as he went off on a RANT about the insecurities SMS 2FA came up.

The issue is if they make the security such a faff then people will not use it. I don't like using the SMS system of 2FA just because I don't like giving every website my mobile number, which can be used to link my identity between sites and if one site leaks then the criminals now have my number to bombard with scam texts. I already get annoyed when I have to go downstairs and find the landline just so I can get a code to log into a website.

There will always be avenues of attack, either it being Social, Software or physical. Let us just hope we don't go back to physical being the only option.
Motorcyclist, Nerd, and I work in a Calibration Lab :-)
--
So everyone is clear, Calibration = Taking Measurement against a known source, Verification = Checking Calibration against Specification, Adjustment = Adjusting the unit to be within specifications.
 
The following users thanked this post: artag

Offline Marco (Topic starter)

  • Super Contributor
  • ***
  • Posts: 7044
  • Country: nl
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #14 on: March 18, 2023, 08:51:17 pm »
Quote from: shapirus
So, someone chops off his finger with an axe.

I've probably said it before, but I'll say it again. Languages like Rust and Ada Spark are more like sawstops on table saws. For some types of wood you have to turn it off, when you do it's a plain old finger eating tablesaw.

Though in C's case it's an American tablesaw, even the guard removed from the start and never put back.

Quote from: mendip_discovery
Let us just hope we don't go back to physical being the only option.

The future will probably be secure enclaves + pin/bio, with only presence detection after an initial authentication for "common" logins. With a master password to copy your logins to a new secure enclave.

Except at the most paranoid levels, which will stick with physical U2F + pin/bio.
« Last Edit: March 18, 2023, 08:55:07 pm by Marco »
 

Offline shapirus

  • Super Contributor
  • ***
  • Posts: 1721
  • Country: ua
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #15 on: March 18, 2023, 09:19:14 pm »
Quote from: Marco
I've probably said it before, but I'll say it again. Languages like Rust and Ada Spark are more like sawstops on table saws. For some types of wood you have to turn it off, when you do it's a plain old finger eating tablesaw.

I have to agree, sort of. These days, C is a tool for either artists, enthusiasts or top-skilled craftsmen. But when you need a tool with which a hundred of average Joes can create a smartphone application (which can later be supported by another hundred of those who replace the first), then something with builtin foolproofing is a much better choice, even if at the expense of losing control of the low-level stuff.

In other words, C itself is not a mistake. But choosing it as a tool can be.
 

Offline eti

  • Super Contributor
  • ***
  • !
  • Posts: 1801
  • Country: gb
  • MOD: a.k.a Unlokia, glossywhite, iamwhoiam etc
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #16 on: March 19, 2023, 02:04:33 am »
Drop some into ChatGPT and see what it makes of it, haha!
 

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15800
  • Country: fr
Re: A new chapter in "C was a mistake", courtesy of Samsung
« Reply #17 on: March 19, 2023, 03:30:05 am »
Quote from: eti
Drop some into ChatGPT and see what it makes of it, haha!

Absolutely.
 

