
ubuntu-phone team mailing list archive

Baseband / system on a chip security in Ubuntu phones

 

Hi list!

Canonical has chosen to focus their marketing mostly on the commercial side of things by showing usability and features of phones. It is understandable, but I am more interested in the privacy and security aspect, how much I can trust my Ubuntu phone. And there is not much I could find on the subject, so I hope some of you can tell me more about that.

In this regard, I find using a free and open source operating system a very good thing. But I have heard from many sources that the OS is just one part of the phone, the hardware is often not fully controlled by the OS and to a lesser extent, the user.

By hardware I am referring more specifically to the baseband / SoC. It is said to be composed of its own operating system, and most of the accessories (microphone, camera, memory, GPS...) are connected to it and are available to the user operating system either directly or in a sort of API way of communicating through the SoC. Please correct me if you think this is wrong. I have also found from many sources that the baseband comes mostly as a black box from vendors, neither disclosing the source nor fully documenting it publicly. Various security vulnerabilities or so-called backdoors have been demonstrated. Those lead to an attacker being able to communicate directly with the baseband, which operates as a modem, through a cell tower (either real or faked) and send commands, to transparently activate the microphone for instance.

For example, the privacy and security minded Blackphone claims to use an NVIDIA SoC that is not publicly opened but to have manufactured the phone in such a way as to have the SoC not connected to the memory nor storage. (If the baseband can access local storage and memory, this can lead to rooting the phone.)

So I am curious about how the Ubuntu phones are wired, what SoC they use, and the security strategy, the BQ as well as the Meizu.

Sorry for not citing sources directly, I believe this is pretty much public knowledge to anyone interested. Very probably the Defcon videos cover those and even some must offer some demos.

Thank you.
Bastien


