When we talk about computers, smartphones, tablets or mobiles, we generally assume that there's just one operating system. We believe that it is the interface between humans and hardware. But what if there is more than one OS?
In fact, there is a secret second operating system — the baseband OS. And this could make every mobile phone insecure because every time you send a text message or receive a call, the baseband OS registers it. The problem with this OS is that it is usually proprietary, closed-source, bug-ridden, and has extensive hardware level access to your data.
A phone's baseband is like a black box that communicates with a cell tower and has hardware level access to your GPS and microphone. The baseband is firmly established in your phone hardware and is difficult or unlikely to change. It has its own CPU and is vulnerable to attacks. The Blackphone or any other mobile phone for that matter does not protect against this.
Researchers from across the world are looking into the possibilities of baseband hacking. Mobile baseband can be hacked using a fake base station. A hacker will route all your mobile phone data via this fake base station and eavesdrop on all conversations and go through all data, be it text or audio or video.
After copying all your data, the hacker can communicate with another real station to complete the network connection. All this goes on without the user realising that he/she has been spied upon. Even the most secure phones are vulnerable to such attacks.
A base station is usually a 30-ft tower. A London firm, PA Consulting, figured out how to shrink the entire thing into a 3-inch Raspberry Pi, one of the biggest inventions in recent years. This $30 Linux-based computer, about the size of a credit card, is targeted at educating the next generation of software and hardware engineers in programming.
"The Raspberry Pi base station that was developed at our Cambridge Technology Centre shows the vast potential of low-cost hardware. Such small cell technologies open up several possibilities — simple in-home coverage improvement, replacement networks in disaster areas, provision of targeted advertising, or even "dial-an-exhibit" at a tourist location," Frazer Bennett, technology expert, PA Consulting Group, told dna.
A base station being run on a 3-inch Raspberry Pi makes baseband hacking a significant threat. It is still to be seen how secure smart phone manufacturers such as BlackBerry, Boeing, GeeksPhone and Silent Circle deal with this.