
from http://www.reddit.com/r/netsec/comments/209h4d/samsung_galax... : This is not a backdoor. It's a feature, and a reasonably common one for Qualcomm based devices. It's an interface to allow the modem access to a persistent data store (i.e. eMMC modem partitions) even though only the application processor may access the MMC controller. Have a look at the rmt_storage client documentation found in a Qualcomm kernel tree. It used to be pretty common to ship a rmt_storage daemon to do the very same thing Samsung is being accused of here (hint: Nexus 5 still uses it). I don't know about other recent devices, but I'd imagine they'd employ something similar. Also, there are many more ways for the baseband to compromise the application processor, without an explicit interface.


> This is not a backdoor. It's a feature, and a reasonably common one for Qualcomm based devices

Are these really mutually exclusive? I don't doubt that Qualcomm had good reasons to add this interface, but clearly it can be used as a backdoor, and since the user is not made aware of it, I'd say this meets all the qualifications of a backdoor.

They could have easily designed this in a way that allowed the baseband processor to only write to a designated area instead of giving it full access.

You are right that the baseband in phones usually has many other ways to directly access sensitive data from the main processor (DMA is the obvious one). But this differs from phone to phone, depending on the hardware design. There are phones where the baseband talks to the main processor through a serial interface with no access to DMA.


Any security bug or potential security bug could be a backdoor. I don't think it's fair to say you "closed a backdoor" every time you fix one.


"Bug" implies a mistake/oversight where the additional functionality was known to no one, and then discovered. This functionality was deliberately created, thus it's a "backdoor".

Based on what seemingly passes for "accepted practice" in the mobile world (download QPST for tons of fun!), the only sane way to have a trustable mobile device is with a separate cell-modem and a well-defined interface.


I mean, maybe I'm confused, but this sounds like they closed one method (among others) that could potentially be used to create a backdoor by, I guess, a carrier or OEM.

There's no evidence that anyone's phone was open to remote exploit at any time.


It seems as if you're using a weird definition - "backdoor" just implies that the functionality exists, not that it has necessarily been utilized.


Can't it be a backdoor and a feature? It's certainly not a feature that helps the users of the device in any way.

If it's on my phone, it's definitely only a backdoor.



