
Remember that time another app (and the baseband!) compromised Signal on iOS?


FWIW, the sort of people with access/leverage to be able to compromise a device through the baseband probably don't leave behind traces revealing it happened. They just drop hints to the local cops that they ought to find a reason to pull you over for a traffic stop and coincidentally smell pot smoke to give them probable cause to search your car...

(waves at the NSA guys...)

I _hope_ that sort of capability is still a year or two away from guys with an Ettus USRP and a bunch of open source software and hacking tools glued together with Python... But keep your eyes on DefCon and CCC to be sure...


They probably don't leave traces because compromising a modern Apple device through the baseband would be quite a trick, given that it's an independent peripheral connected to the AP over on-chip USB.


That's good to know (and for almost anybody else I'd add "citation needed"...)

Didn't the iPhone baseband processor at some time in the past have DMA? I vaguely recall a (perhaps USENIX) paper that seemed to claim any phone that had a software unlock where you could disable the carrier locking was almost certainly using DMA connections between the baseband and AP. Any hints or links or search terms which would show me how modern an iPhone needs to be to be "safe" from that?


I don't know what the first iPhone to have an HSIC baseband was, but it has been a while. I assume every iPhone anyone is really using today fits the description I gave. The iPhone 4 does. This is a really basic security design concern for mobile devices; you can assume that neither Apple nor Google (for their own Google-branded phones) ships products where a corrupted baseband can simply DMA its way into the AP. It is a little weird to me that people on message boards assume they've outguessed the hardware security teams at both Apple and Google on one of the most obvious attack vectors for their phone designs; both companies spend huge amounts of money on this stuff.


"It is a little weird to me that people on message boards assume they've outguessed the hardware security teams at both Apple and Google on one of the most obvious attack vectors for their phone designs; both companies spend huge amounts of money on this stuff."

For what it's worth, that isn't the assumption people are making. The easy assumption to make is that the security teams were unable to convince product owners at these companies that the extra expense of solving this was worth their investment. Especially because practical baseband attacks still haven't hit them as an issue, and it's very rare for product owners to take on major changes or invest in security for "theoretical" threats.

Just look at all of the services still allowing SMS for 2FA - it's not because the security team doesn't know that is an insane thing to be doing in 2018.


No, it's because end-users don't adopt 2FA via TOTP and, to a first approximation, nobody uses U2F. It's not a corner security teams are cutting. Microsoft's security team makes the same decisions.
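
The comment above contrasts SMS 2FA with TOTP. For readers who have not seen what a TOTP check actually involves, here is a minimal RFC 4226/6238 implementation. This is an added example, not code from any commenter or from any of the companies discussed; the replay guard (`last_counter`) and the `window` parameter are design choices of this example, not something the thread specifies. The embedded test vector is the RFC 6238 reference secret and time, so the block runs offline.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the big-endian 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, t0: int = 0,
         digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP keyed on the number of time steps since t0."""
    return hotp(secret, (at - t0) // step, digits, digestmod)


def verify_totp(secret: bytes, submitted: str, at: int, last_counter: int = -1,
                step: int = 30, window: int = 1, digits: int = 6,
                digestmod=hashlib.sha1):
    """Server-side check.

    Returns the accepted time-step counter, or None on failure.
    - `window` tolerates clock skew of +/- that many steps.
    - `last_counter` is the most recently accepted counter for this user;
      any code at or before it is rejected, so an intercepted code cannot
      be replayed (this guard is an assumption of the example, not RFC text).
    - hmac.compare_digest avoids a timing side channel on the comparison.
    """
    base = at // step
    for delta in range(-window, window + 1):
        counter = base + delta
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits, digestmod), submitted):
            return counter
    return None


# Constructed demo input: the RFC 6238 reference secret ("12345678901234567890")
# and reference timestamp 59, which the RFC lists as producing 94287082 (8 digits).
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(RFC_SECRET, 59, digits=8)
    print("code at t=59:", code)
    print("accepted counter:", verify_totp(RFC_SECRET, code, 59, digits=8))
    print("replay rejected:", verify_totp(RFC_SECRET, code, 59, last_counter=1, digits=8))
```

The point of the `last_counter` check is that a TOTP code, unlike an SMS code, is bound to a key the server never transmits, but it is still a bearer secret for one time step; recording which step was last accepted is what stops a code phished or shoulder-surfed seconds ago from being reused.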


Microsoft doesn’t have “a” security team. They have dozens of security-ish teams. And I can assure you that none of them made that decision. The product teams did. And security people there disagree with it. You likely think security teams at BigCorp have more teeth than they do. With a few exceptions, Microsoft is known for hiring well qualified security people and then giving them no authority to do much until something is already on fire.

Search for a tweet by Kostya expressing surprise and delight at the fact that they actually fixed an internal find a couple years ago. Or grab a beer with the nearest ex-Microsoft security person and have them tell you stories about servicing internally discovered vulns.

You’re right that the security team aren’t cutting corners. Because that isn’t how things work.


"it's not because the security team doesn't know"

It's also not because they don't think it's 'worth the investment' or due to extra expense.


No, it's cheaper for them to just replace the person you're talking to with a Cylon.


Some may argue this has already happened - to at least half their social circle. (Not me though, I consider myself "recreationally paranoid" rather than "raving looney paranoid" - other people's opinions on that probably differ...)


No?


I think he forgot a /s. (Seriously).


You people!


Dang it.



