Comment by goku12

Comment by goku12 2 days ago

As concerning as it is, this is just another addition to the pile of malware that a modern smartphone is. Everyone, including the SoC manufacturer, RF baseband manufacturer, OEM, OS developer, browser developer and app developers, adds their own opaque blobs, hidden executable rings, lockdown measures, attestation layers, telemetry, trojan apps, hidden permissions and more.

We lost the game when we allowed these players to impose limits on us in the way we can use the device that we bought with our hard-earned money. Even modifying the root image of these OSes is treated like some sort of criminal activity. And there are enough people around ready to gaslight us with the stories about grandma's security, RF regulations, etc. Yet, it's the extensive custom mods like LineageOS that offer any form of security. Their extensive lockdown only leads to higher usage costs and a mountain of malware.

We really need to demand control over our own devices. We should fight to outlaw any restrictions on the ways we can use our own devices. We should strongly condemn and shame the people who try to gaslight us for their greed and duplicity.

charlie-83 2 days ago

I completely agree with you but I'm not sure I can really think of a solution for the RF baseband problem. I really don't want to live in a world where everyone's wifi signal is terrible because lots of stupid software devs decided to boost the RF power for their product to make it work better.

  • goku12 a day ago

    Yes. That thought did cross my mind. However, the RF baseband is an independent opaque black box already. As far as I know, it even includes an entire hidden operating system. But opening up the rest of the system, leaving the BB as it is, will go a long way to an open user-controlled system. We could adopt that as a stopgap measure until a longer term solution is found.

    In the longer term, however, we will need such a restriction on RF BB lifted too. Openness isn't just about modifiability. It's essential for security too. I'm someone who believes that security and granular restrictions can be implemented without being hostile towards users. This is why I don't buy Apple's argument that hardware lockdown measures like soldering on batteries, permanently gluing up ICs, etc. are essential for miniaturization and security.

    One solution for the problem you mentioned (devs over-boosting the RF output) is to have a one-time programmable power limiter after one of the final fixed-gain RF power amplifiers. (An example of a one-time programmable device is an anti-fuse FPGA). Such a baseband can be programmed to conform to the market country's regulations (or something even stricter) before assembly. This way, the developer can boost the signal as much as they want, but the device simply won't respond beyond the permissible limit.

    Of course, all these are daydreams, because it has to be implemented by the baseband manufacturer. Unfortunately, their incentives don't align with our interests.

hurutparittya 2 days ago

Is there any person or organization out there doing significant work against remote attestation being a thing? I'd love to support them.

nunobrito 2 days ago

Good to see someone well-informed. There is a lot being on that topic, you are not alone.

  • goku12 a day ago

    Thank you for your kind words and solidarity! Those who understand this should definitely take a public stance, because we're far too apathetic towards such exploitation. It's even more disturbing to see some people supporting measures like these!