Disabling near-field communications for security
I note that ALL near-field (but not USB) communication on this phone is carried out by the Broadcom BCM4354. I am interested to know if anyone has looked at the security of this chip and Broadcom give only basic descriptions and NO pinout. I plan to reprogram the driver so that the phone becomes passive (it notes all local wireless without becoming visible) using my 16 years experience in similar coding environments (even the latest consoles have their code profiled and hand-coded assembly language is used - to get code onto a 32-byte boundary so it uses 1-less L1 cache tab).
It's my experience that near-field communication is the LEAST secure and would look to add very high security or, in the words of Neal Koblitz 'I love childean poetry'. Elliptic-curve to encrypt the symmetrical key which, I'm thinking of using a 256 or 512-bit implementation of the SAFER algorithm. Why? Because it's possible to use to video-chip to decode a number of blocks (16 in fact) all at once so low CPU & GPU usage.
I'm also looking into MESH technology and if I get this working I will a)make source available (I'm doing this in my own time so the company doesn't own it) and the likely minor hardware tweaks. The SAFER is also cool for data sent over the mobile network. Many older phones STILL use GSM when they contain a CPU that is quite fast enough to support AMR - if you trust the caller - you could receive the code as Java bytecode or even object code thus making phonecalls at once higher quality AND secure.
Other details - X-509 certificates, built in SMS editor (i.e. EVERY BIT of the SMS data) and other such stuff. Basically - a SECURE phone. It's illegal co change IMEI in many countries, but how does the law deal with OS calls that return another value? This is one grey area - from country to country, from call to call. I would like to make it the situation that if unwanted people get the phone, swapping to a new SIM, not a new phone would be all that was required. The numbers, BTW, can be encoded.
Lastly, the holy grail - 100% secure phones. The ONLY truly 100% (if done properly) is the use of a 1-use pad. Every byte that is sent, is substituted from a table. It's bulky but get together with your boss & sit there while a large amount of MicroSD memory is filled with lots and lots of data.
I think I've about covered it but before the S5, there was a VERY basic trick to get into any and all of the memory of mobile phones due to a design feature of the ARM chip (from the one in the 3DO to the ones in the Gameboy DS and some others, for friends). If you know the trick, you know it - if you don't, I'm not handing out free information that may risk someone elses security... I know, after all I said, that sounds prudish, but trust me, it became an open secret.
Many thanks,
S
Questa è una buona domanda?
1 Commento
I think you need to spend some time at a good library digging though the standards and engineering papers they have.
da Dan