To improve the security and efficiency of smartphones, Huawei has developed the new Kirin 650 chipset. Featuring silicon chip level security, the chipset ensures a reliable and secure interface for users.
Kirin 650 Specifications
The Kirin 650 comes with an advanced 16nm FinFET plus process technology that is integrated with octa-core CPU, Cortex A53 (4×1.7GHz + 4×2.0GHz), ARM’s Mali T830 GPU, LTE Cat.7 technology and an i5 coprocessor.
Why does your Smartphone need security?
Our smartphones are our most personal devices. Accumulated with personal messages, information, contacts and photos, our smartphones are also our most common way to check emails, social media accounts and transfer money through internet banking. There is, therefore, a need to keep all this data secure. The Kirin 650 comes with dedicated security mode (HiSEE) to ensure this user security.
Pseudo Base Station Defense Technology: Free of Fraud Calls and Junk Short Messages
Nowadays most phone users are harassed by calls from pseudo base stations. A base station is a fixed station in the mobile wireless network which acts as the transceiver with mobile phones. Now the count of pseudo base stations has been rising steadily in the Smartphone world.
These pseudo telecommunication base stations are irritating users by sending junk or fraud messages, fraud calls and by stealing personal information. This issue has not been solved for a long time but now Huawei has found a solution to provide more security to users from pseudo base station to avoid fraud calls and junk messages.
As a part of this, Huawei applies the pseudo base station defense technology to the Kirin 650 chipset. Pseudo base station defense technology is based on communication baseband processor (Baseband processor is a part of the chipset used in Smartphone that manages the communication process) and it is capable of identifying and rejecting the pseudo communications from fraud telecom.
Chip level HiSEE Security
The Huawei Kirin 650 is integrated with HiSEE security solution which helps in call encryption, secure mobile payment etc. The HiSEE security solution is designed to provide hardware and software data security of devices.
Many users use the fingerprint to unlock the device and make payments. It is, therefore, necessary to secure the fingerprint information. For security, the Kirin 650 provides Replay Protected Memory Block (RPMB gives a secure memory block to stores the critical or dedicated data) where all the dedicated fingerprint information gets stored.
To achieve the highest level of security the Kirin 650 is backed with the ARM TrustZone environment. This technology stores all data in an encrypted format and provides hardware level security. This means that if a phone is rooted or violently dismantled, the data will not be compromised.
Fingerprint sensor interfaces and driver programs are encapsulated in TEE OS so the fingerprint sensor cannot be directly accessed by any third-party application. Trusted Execution Environment (TEE) is a secured storage area in the main processor (CPU) which offers the high level of security. TEE offers isolated execution to provide end-to-end security and it is considered as the most secured application available.
Conclusion
The Huawei’s chipset Kirin650 is protected by the HiSEE security solution. HiSEE security solutions store all data in encrypted form to safeguard user information. The Kirin 650 also provides RPMB where all the dedicated data will be stored and the high-level security is achieved by ARM’s TrustZone. Pseudo base station defense technology based on communication baseband processor is capable of rejecting all the junk message and fraud call. All these security technologies integrated into Kirin 650 to deliver the highest level of security.
Related
These are MSM7200 Data Sheet:
http://www.ent.eetchina.com/PDF/2007FEB/DTCOL_2007FEB15_AVDE_RFR_AN_01.pdf?SOURCES=DOWNLOA D
http://www.qctconnect.com/products/gpsone.html
• Next-generation gpsOne ® Assisted-GPS solution, with an enhanced GPS engine for greater sensitivity and faster start times
• Enhanced filtering software optimizes GPS accuracy and availability for tracking and satellite navigation applications
• Full integration with JAVA and BREW-based development environments to support commercially deployed location services
• Support for MS-Assisted and MS-Based modes, and Standalone GPS mode which enables off-network support
• Support for UMTS Control Plane, GSM Control Plane and OMA SUPL 1.0 User Plane Assisted-GPS protocol
• Supports multiple modes of GPS, inclusive of standalone, MS-Based, MS-Assisted, Hybrid, and gpsOneXTRA™ Assistance
• Enables enhanced standalone GPS through gpsOneXTRA Assistance
• Supports – 160 dBm tracking sensitivity
• Standalone TTFF Hot, Warm Cold (1s/29s/35s) respectively
• Compatible with Qualcomm's QPoint Location Based Server as well as 3GPP and GERAN compliant location servers supporting UMTS control plane and GSM control plane and OMA SUPL 1.0
So,from that spec, i-Mate ULTIMATE 9502 and all MSM7200 based gadgets must have Assisted GPS feature as well as gpsOneXTRA™ Assistance. But, mine is not assisted nor have gpsOneXTRA™ Assistance.
The QUESTION IS: How to enable that feature?
YEah mine took ages to acquire sattelites. I bet ts another 'optional' software implementation for the MSM7200 that I-Mate didn't bother with like graphics drivers
Sign a petition!!!
how about if we make a site like HTC Class Action,make a petition and force imate to make our so called "ultimate" device become the true ULTIMATE as advertised? do lawsuit or something like that... or all the gurus and programmer here develop the driver and enable all the feature that supposed to be enabled...
Coz, we pay for it.. We must get it... just like Kaiser case...
9502 is not cheap, and we MUST make it ULTIMATE!!!
Correct me if I'm wrong, but didn't the Kaiser class action get absolutely nowhere?
And making drivers takes a lot of time and money. It's taken all this time with the Kaiser and the people trying to develop it have only really scratched the surface.
True true...
yup,you're right,some guys on forums.imate.com mentioned the same... HTC doesn't bother to do anything yet... so does imate... sigh...
Name: Cryptographic security for mobile phone information – NUME BETA
Developer: Crypto Telecommunication Security SA (CTS), Switzerland
Price: Free
Available at: GOOGLE PLAY; Amazon com
Genre: Data protection
Current version: 1.0
Description:
NUME BETA – the encryption software demo version, developed by CTS, the leading manufacturer of data security products, allows the users to try the software prior to making a purchase decision.
NUME BETA – the security system, designed to encrypt voice for subscribers, using Android mobile phones. Each of them should download the trial NUME BETA software in his mobile phone. The communication is performed over IP telephony CTS cryptographic servers. It’s money saving compared to standard mobile networks, especially in roaming. AES 64 bit is used in NUME BETA.
The complete working NUME software version uses 256 bit encryption algorithm, developed by CTS and ensures the cryptographic protection for voice, E-mail, SMS, MMS, crypto-chat and crypto conference. Regarding NUME software sales please apply to CTS at www nume ch
This app look good but:
* not intended for normal people (more for business people)
* need for mobile internet (in my country is a problem)
* 64 bit AES encryption algorithm is not safe
In general, the application is very interesting.
Hello, sigcont! Thank you for appreciacion. This app is for thouse, who do not want a stranger interfere in his life. 64 bit AES encryption algorithm - only for demo version
Thom Holwerda at Real-Time Embedded OS specialized website OSnews reports about vulnerabilities that lurk in closed-sourced radio chips.
The second operating system hiding in every mobile phone
The insecurity of baseband software is not by error; it's by design. The standards that govern how these baseband processors and radios work were designed in the '80s, ending up with a complicated codebase written in the '90s - complete with a '90s attitude towards security. For instance, there is barely any exploit mitigation, so exploits are free to run amok. What makes it even worse, is that every baseband processor inherently trusts whatever data it receives from a base station (e.g. in a cell tower). Nothing is checked, everything is automatically trusted. Lastly, the baseband processor is usually the master processor, whereas the application processor (which runs the mobile operating system) is the slave.
(...)
With this in mind, security researcher Ralf-Philipp Weinmann of the University of Luxembourg set out to reverse engineer the baseband processor software of both Qualcomm and Infineon, and he easily spotted loads and loads of bugs, scattered all over the place, each and every one of which could lead to exploits - crashing the device, and even allowing the attacker to remotely execute code. Remember: all over the air. One of the exploits he found required nothing more but a 73 byte message to get remote code execution. Over the air.
Click to expand...
Click to collapse
Source, via HN
Comments at HN are also worth reading, I think.
Do note, that the study run on some old generation of MSM chips.
Here is a counter argument for instance:
Comment by OsQar
by OsQar on Wed 13th Nov 2013 09:51 UTC
I'm not a security expert at all, but I've been working on mobile radio access technologies for several years, so I feel quite confident to say that some or your claims are wrong. E.g:
"The standards that govern how these baseband processors and radios work were designed in the '80s, ending up with a complicated codebase written in the '90s - complete with a '90s attitude towards security."
Well, GSM's baseband was developed from late 80's to early 90's, UMTS' from late 90's to early 00's, and LTE's can be now be considered almost finished. I know that GSM is not secure at all now (it was when it was released, but now it has been cracked), but I'm not so sure about UMTS (CDMA is very hard to demodulate, so cracking is even worse) and LTE (OFDMA is quite a headache).
"What makes it even worse, is that every baseband processor inherently trusts whatever data it receives from a base station (e.g. in a cell tower). Nothing is checked, everything is automatically trusted."
This is NOT TRUE. At all. Even from GSM times. Handheld devices run a bunchload of ID checks to know what basestation is sending data; and basestations also carefully allocate and check mobile ID's. This is especially true in UMTS (where you have to discriminate interferring users by using pseudorandom codes) and LTE (where you even need angle-of-arrival information to reach more users).
So, I'm not claiming that mobile basebands are inherently secure, but they're definitively not based on 80's security technology.
On the other hand, I agree with your viewpoint that the closed implementations and the huge standards are not the best way to allow the community to check for security bugs. But manufacturers are the main supporters of actual standardization bodies, so it's quite complicated to fight against it.
Click to expand...
Click to collapse
LineageOS / 3.4 kernel security vulnerability patch / change
Posting this here, since this is in everyone's interest to reduce attack surface to these kind of attacks to a minimum
Quoting:
https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help
Meltdown and Spectre Overview
Before we dive in, here's a quick recap of what Meltdown and Spectre are all about. For more in-depth details see our post, The Meltdown and Spectre CPU Bugs, Explained.
Meltdown (CVE-2017-5754)
Meltdown is a CPU vulnerability that allows a user mode program to access privileged kernel-mode memory. It affects all out-of-order Intel processors released since 1995 with the exception of Itanium and pre-2013 Atoms. A list of vulnerable ARM processors and mitigations is listed here. No AMD processors are affected by Meltdown.
Of the two bugs, Meltdown is the easier one to fix, and can largely be addressed with operating system updates.
Spectre (CVE-2017-5753, CVE-2017-5715)
Spectre isn't so much a specific vulnerability as it's a new class of attack. It's enabled by the unintended side effects of speculative execution (something processors do to speed things up by predicting what instructions they're about to recieve and executing them ahead of time).
There are two flavors of Spectre — variant 1 (bounds check bypass, CVE-2017-5753) and variant 2 (branch target injection, CVE-2017-5715). Both can potentially allow attackers to extract information from other running processes (ex: stealing login cookies from browsers).
Intel, ARM, and AMD processors are all reportedly affected by Spectre to some degree, and it poses significant patching problems. While operating system and browser updates have helped mitigate the risk of Spectre to some degree, experts agree the only true fix is a hardware update. As such, Spectre is likely to remain an issue for years to come.
Meltdown-Spectre-comparison-table.png
Source: SANS / Rendition Infosec. See the full presentation here
It's important to note that both vulnerabilities put information disclosure at risk. Neither are remote execution vulnerabilities — in other words, they don't allow attackers to run malware.
Click to expand...
Click to collapse
Following Android's January 2018 security bulletin the following kernel change was rather eye-catching:
CVE-2017-13218 A-68266545* ID High High-precision timers
Click to expand...
Click to collapse
Unfortunately (or luckily for us, security by obscurity) - these kind of kernel changes aren't easy to find for quite some time
It turns out the change is the following:
clocksource: arch_timer: make virtual counter access configurable
The changes to be applied are made in the file drivers/clocksource/arm_arch_timer.c fortunately at first glance it doesn't exist in 3.4 kernels,
unfortunately "Enable user access to the virtual counter" is still (already) there, namely:
arch/arm/include/asm/arch_timer.h
So:
I ask the kernel devs to try out (read: "port back") that change to the 3.4 kernel for the Note 3 (or well, referencing this - all Android devices running 3.4 based custom kernels)
P.S.:
the following important ashmem fix (preventing memory corruption) also potentially is applicable to the 3.4 kernel source:
staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
I haven't built a Note 3 kernel since ... ever - so haven't tested that change and if the resulting kernel would boot,
so I can't say if there's any adverse effects when disabling user(space) access to the virtual counter, in any case security should supersede convenience or even functionality
ACHILLES: Snapdragon chip flaws put >1 billion Android phones at risk of data theft
Hello everyone,
Have you seen this?
https://arstechnica.com/information...billion-android-phones-at-risk-of-data-theft/
Seems a "research lab" discovered over 400 exploitable bugs in the Snapdragon's DSP component. They are calling the vulnerability set "Achilles", here is their announcement:
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
This is alarming, as anyone would be able to p0wn your device by simply having you play a doctored video or audio media file (think email, whatsapp, Instagram, Youtube, etc).
From what I was able to affected DSP component is called Hexagon: https://en.wikipedia.org/wiki/Qualcomm_Hexagon
Now, the $1M question: does AOSP and/or LineageOS and/or the other free/open ROMs incorporate any code to use the Hexagon DSP?
Cheees,
--
Durval.