I feel like the dream of static analysis was always a pipe dream.
When the payment for vulns drops, I'm wondering where the value is for hackers to run these tools anymore? The LLMs don't do the job for you, testing is still a LOT OF WORK.
Lots of security issues form at the boundaries between packages, zones, services, sessions, etc. Static analysis could but doesn't seem to catch this stuff from my perspective. Bugs are often chains, and that requires a lot of creativity, planning, etc.
Consider logic errors and race conditions. It's surely not impossible for an LLM to find these, but it seems likely that you'll need to step through the program control flow in order to reveal a lot of these interactions.
I feel like people consider LLMs as free since there isn't as much hands-on-keyboard. I kinda disagree, and when the cost of paying out these vulns falls, I feel like nobody is gonna wanna eat the token spend. Plenty of hackers already use AI in their workflows, and even then it is a LOT OF WORK.
Well, a concerted attack could easily subvert the baseband if you have a few million dollars and the correct letterhead or private contacts.
GrapheneOS really wants the software in the phone to not pwn the phone. This is good. It's a different, and much more difficult, problem to secure the connection to the telco, and the larger internet, because the transport is attacker controlled.
Think of it this way: Say you use Qubes because security is valued very highly for you. Even if you run Qubes, if your router is controlled by your attacker, what kind of a security guarantee could you really get for yourself?
> Even if you run Qubes, if your router is controlled by your attacker, what kind of a security guarantee could you really get for yourself?
I do run Qubes, and a compromised router, e.g., will not get access to any passwords that I store in an offline VM as text, even with any previously known vulnerability since 2006.
GrapheneOS has hardened_malloc, which is a huge advantage, I think. It makes the weird machines problem much harder. I would say be very careful, because you can still get previews of images, or old and weird media formats that could be exploitable, and Android/GrapheneOS doesn't have the same sorts of policy as, say, Apple with the iMessage BlastDoor. They control Safari, etc.
Android's attack surface seems pretty jagged. For example, there is only one web rendering engine on iOS, whereas you can run anything you like on Android/GrapheneOS.
Chromium is the only web engine present on a fresh install. If a user doesn't install a browser with another engine, the attack surface doesn't get increased. Chromium/Blink is more secure than Safari/WebKit overall, so I don't really think this is an argument in favour of iOS. iOS for sure does some good things though and is better than Android in some areas.
FYI, a Cell Site Simulator can masquerade as the legitimate telco operator and push type 0 messages to the handset.
What that means is they can push malicious settings and configurations (definitely) and probably malicious firmware to the handset at will. They don't need to code this, they buy the software packages from the usual suspects. The adversary simply needs to put a DRT box or a Hailstorm or what-not close enough to the handset to do the work.
The baseband can do a lot, it has DMA (if I recall correctly) and can almost certainly screen look, and extract information from some but not all basebands. This varies.
GrapheneOS cannot really influence this, but hardened_malloc could conceivably help. What would be great is a bench firmware re-flash, but I don't want to do this every single day.
> Is the baseband isolated?
> Yes, the baseband is isolated on all of the officially supported devices. Memory access is partitioned by the IOMMU and limited to internal memory and memory shared by the driver implementations. [...]
I don't have the source (I'll have to try to find it), but I read that the cell site simulators can work on 4G and earlier but don't work on 5G. So one thing folks can do is set your phone to use 5G networks only (unless you're stuck, and then you can make it looser, but be aware you're less protected at that time).
I do this on iOS; I'm sure it's doable on GrapheneOS and hopefully on Android too.
5G CSS is harder, yes, but keep in mind that most 5G is the 5G NSA variety, and is really just riding on the same cell bands, no mmWave here. You probably notice that your phone often slips out of 5G, or you inhabit different modes here.
Essentially, 5G is sort of a lie. Phones spend a lot of time exchanging information via 4G/LTE, and just like 2G/3G and 3G/4G, there are simply downgrades that can be performed in the field, without getting too far into the weeds.
I just popped in to add that NASA employee Charles White, a scientist involved with the Mars Rover project, also helped make a Burning Man Mars Rover Car (back before Playa Burning Man was completely and utterly torched twice over by Military Industrial Complex Vacationers and Billionaires), and you can hear an interview with him here on Charles White's YouTube channel: https://youtu.be/BKGROOedAgI (Mars Rover Art Car interview with Ray Cirino and Charles White)
Charles White is a pretty good guy in my opinion; we play the same video game (EVE Online), where Charles White is a very, very well known community member who is known as "The Space Pope". He officiates weddings at our Iceland Fanfest gathering and also runs a Suicide Prevention Outreach group in EVE Online, as well as teaching leadership skills.
I mean, it was fine for these guys because they got huge press and happen to be in an industry that can handle this. They've got experience, current employment, industry contacts, and there's really barely a functional college curriculum or certification track for this. You #1 need to be trusted to break in since, you know, they teach each other how to break into high-security facilities.
I really just wanna point out that getting contracts for government administrative buildings is already like, way in and near the top of the game. This could have set them back 9 months or none at all; still, someone has to be held accountable when there is an obvious miscarriage like this.
I mean, they called their boss! They had a special letter! Why didn't the shitty sheriff just, like, demand that the security chief come out and make some calls? 600k sounds fair, I suppose, but 6 years sure doesn't when it's an elected official!
Most people doing the right thing use a torque limiter to "gun" the wheel on and then set final torque with the tires just touching the ground (for friction) which is totally adequate.
The thing people might forget is to clear the corrosion off of the wheel and hub which can be a problem if it breaks away as you drive.