Phone Baseband Security

The cluster centers on security vulnerabilities of baseband processors in smartphones, including proprietary firmware blobs, DMA access to main memory, carrier modifications, and potential backdoors or surveillance risks.

📉 Falling 0.3x Security
Comments: 2,086
Years Active: 19
Top Authors: 5
Topic ID: #8052

Activity Over Time

2008: 1
2009: 5
2010: 9
2011: 29
2012: 16
2013: 122
2014: 215
2015: 129
2016: 180
2017: 139
2018: 162
2019: 167
2020: 126
2021: 184
2022: 142
2023: 238
2024: 100
2025: 110
2026: 12

Keywords

CPU ARM OSS DSP NDA NON PMIC SoCs m.html LTE baseband processor dma phones phone memory chip processors firmware cpu

Sample Comments

Doesn't even have to be a smartphone. Every telco is compromised and they can deploy whatever software they or their overlords want to the baseband processor.

dkdk8283 Aug 19, 2021

This is already happening to phones. The baseband blobs are proprietary and most devices permit DMA. Nobody really knows what the blobs do. They likely have paved the way for Stingrays and other devices.

rand77763 Mar 11, 2017

The modifications installed by your phone company, etc. are not open source. The baseband chip's firmware is not open sourced. I've even heard of DMA being allowed over baseband as part of the Lawful Intercept Protocol.

sliverstorm Apr 23, 2014

If you are worried about security, that ship has sailed - have you heard about the baseband processor?

jsiepkes Jan 20, 2019

iirc it's not (simply because there is no oss baseband) but they went to great lengths to isolate the baseband chips from the rest of the phone. Greatly neutralising the threat it can pose. In normal phone designs the baseband has unfettered access to everything.

xfitm3 Jan 10, 2020

Personally I consider this to be all phones: the baseband firmware is a blob that does who knows what, and is likely the weakest component of nearly every phone on the market. Most baseband processors are connected via DMA. Prior discussion from 2016: https://news.ycombinator.com/item?id=10905643

revelation Jun 1, 2013

It is possible. You need to remember that in a modern mobile phone, there are two high powered processors, the baseband processor and the application processor, communicating only over a very very high level protocol. The application processor runs Android or iOS (or Windows Phone), the baseband processor a proprietary RTOS or similar embedded system. The problem boils down to this: baseband (the chip doing the GSM, LTE, .. communication) processors are completely proprietary. There is no

robin_reala Oct 14, 2018

Android phones give DMA to the baseband. iPhones link up the baseband via USB so that at least is some form of protection.

subway Oct 10, 2017

What's really scary is that most Android SoCs now have the baseband sitting in the same package as your CPU, with similar levels of access to system memory. The baseband firmware is usually unmaintained, but often in theory can be altered OTA by your carrier.

allispwned Oct 6, 2018

SIM cards can contain applets that execute on the baseband. The baseband often uses the same system memory as the application cpu (where android runs), and might even be in the same package or on the same silicon. In theory devices shipped with an MMU to prevent the baseband from fucking with the application processor. In reality, even Qualcomm ships broken MMU configs, and doesn't bother to ship a fix until the device is near EOL. I can't even imagine the horror show of Mediatek'