www. O S N E W S .com
News Features Interviews
BlogContact Editorials
.
The second operating system hiding in every mobile phone
By Thom Holwerda on 2013-11-12 23:06:06

I've always known this, and I'm sure most of you do too, but we never really talk about it. Every smartphone or other device with mobile communications capability (e.g. 3G or LTE) actually runs not one, but two operating systems. Aside from the operating system that we as end-users see (Android, iOS, PalmOS), it also runs a small operating system that manages everything related to radio. Since this functionality is highly timing-dependent, a real-time operating system is required.

This operating system is stored in firmware, and runs on the baseband processor. As far as I know, this baseband RTOS is always entirely proprietary. For instance, the RTOS inside Qualcomm baseband processors (in this specific case, the MSM6280) is called AMSS, built upon their own proprietary REX kernel, and is made up of 69 concurrent tasks, handling everything from USB to GPS. It runs on an ARMv5 processor.


Read more...
 Email a friend - Printer friendly - Related stories
.
Read Comments: 1-10 -- 11-20 -- 21-30 -- 31-40 -- 41-42
.
Well...
By andrewclunn on 2013-11-12 23:19:10
... at least now we know how SkyNet takes over :-P
Permalink - Score: 13
.
It gets worse...
By tidux on 2013-11-12 23:49:22
In every phone I'm aware of except the OpenMoko Freerunner (which uses RS-232), the baseband speaks to the "main" SoC through DMA. That's what really makes most smartphones impossible to truly secure.
Permalink - Score: 11
.
RE: It gets worse...
By informatimago on 2013-11-12 23:55:36
It's by design of course. Just wait for another Snowden.
Permalink - Score: 7
.
RE: It gets worse...
By shmerl on 2013-11-13 00:52:58
So, basically that black box system has full access to the RAM of the device, while also being the main communication component? This is really nasty.
Permalink - Score: 6
.
RE[2]: It gets worse...
By ddc_ on 2013-11-13 01:12:13
I hope it is by design, but Hanlon's razor might be more adequate here: careful design would produce one small vulnerability to exploit, or several redundant vulerabilities, but te vast number suggests carelessness and/or stupidity. Though one may easily fit on top of another...
Permalink - Score: 2
.
Comment by shmerl
By shmerl on 2013-11-13 01:23:11
Aren't there 3 operating systems on many phones then? SIM card contains kind of an OS too.

Edited 2013-11-13 01:24 UTC
Permalink - Score: 3
.
Great article
By Berend de Boer on 2013-11-13 01:38:10
Very relevant warning. What kind of phone does RMS use?
Permalink - Score: 2
.
RE: Great article
By Morgan on 2013-11-13 01:46:48
I would think even a modern "dumbphone" would have this nastiness in it. A modem is a modem, and even the most basic cellphone has baseband software, if I'm not mistaken. So much for going off the grid by abstaining from smartphones.

And this potentially affects much more than just cellphones. My wife's iPad and Kindle are both 3G versions, which means they have AT&T-connected modems in them. The iPad modem is "turned off" via iOS, but that doesn't necessarily mean it's off altogether. The Kindle's 3G is used every few days when she doesn't have a WiFi connection.

Beyond those devices, how many cars these days come equipped with onboard cellular connectivity? Here in the US it would be most if not all GM vehicles via OnStar, as well as Teslas. I wonder if every one of those devices have the same potential vulnerabilities as your average cellphone.
Permalink - Score: 4
.
RE: Great article
By shmerl on 2013-11-13 01:46:50
May be no mobile phones at all?
Permalink - Score: 2
.
RE: Great article
By Delgarde on 2013-11-13 01:55:58
Tin can and string?
Permalink - Score: 4

Read Comments 1-10 -- 11-20 -- 21-30 -- 31-40 -- 41-42

No new comments are allowed for stories older than 10 days.
This story is now archived.

.
News Features Interviews
BlogContact Editorials
.
WAP site - RSS feed
© OSNews LLC 1997-2007. All Rights Reserved.
The readers' comments are owned and a responsibility of whoever posted them.
Prefer the desktop version of OSNews?