Reverse-engineering a Qualcomm baseband
Guillaume Delugré acknowledged researcher Ralph Phillip Weinmann’s work from last year during Delugré’s talk on reverse-engineering a popular 3G USB data stick.

Guillaume Delugré discusses how he reverse-engineered Qualcomm firmware and developed a debugger.

The USB stick runs a proprietary OS named REX. Delugré reverse-engineered a diagnostic mode used by Qualcomm engineers. Although some work has been done on documenting and using the diagnostics interface (the ModemManager project), he developed more detailed specifications.

Delugré explains the format for an undocumented diagnostics interface.

Cellular protocol stacks for Internet
Harald Welte, a lead developer of the Openmoko project and a Linux kernel developer, gave a good breakdown of various mobile data protocols. Cellular voice communication on GSM has gotten a lot of coverage over the years, but outside of the mobile industry there has been little to no information on how the data protocols function.

Harald Welte presents details on mobile data protocols.

The talk covered the layout of a number of the mobile data protocols, including the latest 3G protocols.

Diagram of UMTS network architecture.

Perhaps in the next year we will see more development in the exploitation and security of mobile devices.

The duo have been surveying phones surreptitiously when I take them shopping, looking up reviews on the net and sounding out friends to get their feedback. They focussed on discovering which phone offered the maximum features.

When I learnt of these activities (I was casually informed I could surprise daughter with said phone on her birthday!), my main concern was different. Sure, they offer faster broadband Internet that makes it possible to watch TV, make video calls and download music and movies. But what I really wanted to know is; are they safe?

As smartphone are extensively used for social networking, file sharing and web surfing, they will form rich fields for hackers to profit from. Just as they could do with our PCs/ laptops, they can hack into these phones and steal data. Their basic modus operandi of spyware and viruses when applied to mobiles, can wreak the same havoc they did on our PCs/ laptops.

And then there are those ubiquitous apps! Take for instance, Color. Using Bluetooth and proximity, this app will automatically share all your photos, videos and e-texts with any Tom, Dick and Harry using the app and happens to be in Bluetooth range.

Now put this in the context of the 3G stats and the picture becomes more daunting. According to PricewaterhouseCoopers’ ‘Mobile Broadband Outlook 2015’ report the 3G broadband subscriber base is expected to cross 107 million by 2015 with the mobile subscriber base projected to cross 1 billion in 2014! Clearly, the more, the scarier and until the service providers, authorities, equipment manufacturers and app developers are able to tackle the issue at its root, my advice is – if you’re going to spend money on an expensive device, make sure to protect it too.

Put anti-virus and firewalls on your smart phone and remember to switch off the Bluetooth function when not in use. But most importantly, remember to check the veracity of every app that you download on to your smart phone.

So, coming back to my initial dilemma, I know Android devices have been proven safe so far, but isn’t it only a matter of time? That said, for now, I think I may just give in with respect to that birthday present I ‘owe’ – subject to terms and conditions of course! Do you think I am doing the right thing? Drop me a comment – I’d love to hear your thoughts and of similar experiences and how you dealt with them.

Anindita