Sign in / up

back to article Oops. Silent Circle let apps meddle with Blackphone's modem

It's emerged that a software update for Silent Circle's Blackphone that shipped in December included a fix for a pretty egregious bug: the developers had left a modem interface open and accessible to code on the Android-based smartphone. When the upgrade was released, Silent merely noted that the bug, CVE-2015-6841, could be …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *

  1. This post has been deleted by its author

    1. JeffyPoooh
      Reply Icon
      Pint

      Since it's a RISC processor...

      Does ARM even include a Register Zero or Clear instruction? I'm not sure.

      RISC = Reduced Instruction Set Computing, minimize the instruction set. Ruthlessly omit extraneous instructions.

      Most instructions execute in one cycle.

      0 0 Reply
    2. diodesign (Written by Reg staff) Silver badge
      Reply Icon

      "But doesn't arm have a zero register"

      Only 64-bit ARMv8 does (just like MIPS). MOV.W is an ARM Thumb-2 instruction, and Thumb-2 does not have a zero register. You can do the same as xor %eax, %eax in ARM:

      EOR r8, r8

      C.

      2 0 Reply
      1. Dabooka
        Reply Icon
        WTF?

        Errrr....

        Whut?!

        Sorry to those posting above, this is way above my knowledge! Continue nontheless, as I sagely stroke my chin while reading the comments, in the vain attempt at looking like I understand this in front of my collegues.

        2 0 Reply

        1. This post has been deleted by its author

          1. diodesign (Written by Reg staff) Silver badge
            Reply Icon

            Re: Re: Errrr....

            One other thing to mention: ARM and Thumb are fixed width instruction sets – instructions are either 2 or 4 bytes wide. X86 is all over the place: instructions can be various widths.

            This is why xor eax, eax is so attractive to tight assembly code, because it's just two bytes (0x31C0), rather than than mov eax, 0 which is five bytes (0xB800000000). You save 3 bytes with the exclusive-OR. And you avoid using NULL bytes, which is handy if you're trying to inject code into another program's buffer...

            On ARM, it doesn't really matter: the instructions are the same length anyway.

            C.

            3 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    So any app can send premium rate text messages...

    ..and it would not show as needing any access permissions during install and leave no trace of sending the text.

    And they laughably sell this as a secure phone?! Credibility lost.

    0 0 Reply
  3. Ken Moorhouse Silver badge

    MOV.W R8, #0

    It's a long time since I've touched any Assembler*, but from recollection, the difference between a MOV and an operation such as EOR is that the Flags (e.g., Carry), don't get updated by the MOV, whereas they do with EOR. MOV is a transparent opcode in that respect.

    The code depicted in the image doesn't seem to depend on such considerations, so it's either the resulting code from a compiler, or a programmer who has learnt one method, and is sticking to it.

    * A really, really, really long time ago: 6800, 6502, 4040, 8008, 8080. Messed around a bit with an RCA1802 too

    1 0 Reply
  4. Anonymous Coward
    Anonymous Coward

    Not massively impressed..

    .. with Silent Circle trying to make light of leaving the door open by remaining silent (sorry) about it.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like