General > General Technical Chat

A new chapter in "C was a mistake", courtesy of Samsung

(1/4) > >>

Marco:
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html

Samsung was silly enough to leave its mobile phone baseband machine code out in the open ... and don't you know it, an ancient massive closed source C codebase with shared memory access to everything in mobile phones has buffer overflows as far as the eye can see. Who could have predicted that?

A little more obscurity and not letting the machine code escape into the wild (for non state actor level adversaries at least) would have helped of course. All programmers waking up a little sooner and realizing how utterly fucked software was the moment buffer overflows entered the field would have helped more.

thm_w:
Yeah thats crazy that its even a possibility no matter how badly the code is written:


--- Quote ---Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number.
--- End quote ---

Ed.Kloonk:
I remember when the 'open' phones started showing up and the total push-back they received from existing phone companies to release or even licence anything.

I suspected then that it was all un-audited garbage.

tom66:
Been around for a while.

tszaboo:

--- Quote from: thm_w on March 17, 2023, 09:15:06 pm ---Yeah thats crazy that its even a possibility no matter how badly the code is written:


--- Quote ---Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number.
--- End quote ---

--- End quote ---
Almost feels like it was on purpose...

Navigation

[0] Message Index

[#] Next page

There was an error while thanking
Thanking...
Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod