| General > General Technical Chat |
| A new chapter in "C was a mistake", courtesy of Samsung |
| (1/4) > >> |
| Marco:
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html Samsung was silly enough to leave its mobile phone baseband machine code out in the open ... and don't you know it, an ancient massive closed source C codebase with shared memory access to everything in mobile phones has buffer overflows as far as the eye can see. Who could have predicted that? A little more obscurity and not letting the machine code escape into the wild (for non state actor level adversaries at least) would have helped of course. All programmers waking up a little sooner and realizing how utterly fucked software was the moment buffer overflows entered the field would have helped more. |
| thm_w:
Yeah thats crazy that its even a possibility no matter how badly the code is written: --- Quote ---Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number. --- End quote --- |
| Ed.Kloonk:
I remember when the 'open' phones started showing up and the total push-back they received from existing phone companies to release or even licence anything. I suspected then that it was all un-audited garbage. |
| tom66:
Been around for a while. |
| tszaboo:
--- Quote from: thm_w on March 17, 2023, 09:15:06 pm ---Yeah thats crazy that its even a possibility no matter how badly the code is written: --- Quote ---Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number. --- End quote --- --- End quote --- Almost feels like it was on purpose... |
| Navigation |
| Message Index |
| Next page |