Samsung's 5th-generation Android-based Galaxy smartphone was released April 11, 2014. Improvements to the phone include a fingerprint scanner, updated camera, larger display, and water resistance. It is available in four different colors; black, blue, white, and copper.

452 Questions View all

Disabling near-field communications for security

I note that ALL near-field (but not USB) communication on this phone is carried out by the Broadcom BCM4354. I am interested to know if anyone has looked at the security of this chip and Broadcom give only basic descriptions and NO pinout. I plan to reprogram the driver so that the phone becomes passive (it notes all local wireless without becoming visible) using my 16 years experience in similar coding environments (even the latest consoles have their code profiled and hand-coded assembly language is used - to get code onto a 32-byte boundary so it uses 1-less L1 cache tab).

It's my experience that near-field communication is the LEAST secure and would look to add very high security or, in the words of Neal Koblitz 'I love childean poetry'. Elliptic-curve to encrypt the symmetrical key which, I'm thinking of using a 256 or 512-bit implementation of the SAFER algorithm. Why? Because it's possible to use to video-chip to decode a number of blocks (16 in fact) all at once so low CPU & GPU usage.

I'm also looking into MESH technology and if I get this working I will a)make source available (I'm doing this in my own time so the company doesn't own it) and the likely minor hardware tweaks. The SAFER is also cool for data sent over the mobile network. Many older phones STILL use GSM when they contain a CPU that is quite fast enough to support AMR - if you trust the caller - you could receive the code as Java bytecode or even object code thus making phonecalls at once higher quality AND secure.

Other details - X-509 certificates, built in SMS editor (i.e. EVERY BIT of the SMS data) and other such stuff. Basically - a SECURE phone. It's illegal co change IMEI in many countries, but how does the law deal with OS calls that return another value? This is one grey area - from country to country, from call to call. I would like to make it the situation that if unwanted people get the phone, swapping to a new SIM, not a new phone would be all that was required. The numbers, BTW, can be encoded.

Lastly, the holy grail - 100% secure phones. The ONLY truly 100% (if done properly) is the use of a 1-use pad. Every byte that is sent, is substituted from a table. It's bulky but get together with your boss & sit there while a large amount of MicroSD memory is filled with lots and lots of data.

I think I've about covered it but before the S5, there was a VERY basic trick to get into any and all of the memory of mobile phones due to a design feature of the ARM chip (from the one in the 3DO to the ones in the Gameboy DS and some others, for friends). If you know the trick, you know it - if you don't, I'm not handing out free information that may risk someone elses security... I know, after all I said, that sounds prudish, but trust me, it became an open secret.

Many thanks,

S

Answered! View the answer I have this problem too

Is this a good question?

Score 0

Comments:

I think you need to spend some time at a good library digging though the standards and engineering papers they have.

by

Add a comment

1 Answer

Chosen Solution

While I'll agree anything man can build can be broken into, the issue is how much work does it take and if you gain anything useful.

A lot of thought went into both passive and active RFID/NFC solutions.

Getting back a product or shipping code offers nothing useful to the hacker without access to the back-end data system in the case of most passive usage.

As an example on an active system - Apple Pay: What is sent across is of little consequence as its nothing more than a key between the bank and the store you bought from. Once used it can't be used again and offers nothing about you.

Other pay systems could be less secure. I have not done an in-depth study of the others. From what I've read many have complex solutions which could put you at risk. All I know is credit cards are not secure and even the chipped versions offer little improvement from the mag tape versions (as much as the credit card people want to convince you otherwise).

The security of the account and the transaction is the key here. If you loose your card you're exposed. You use your card and the store is hacked either at the pay console or the store back-end your exposed. If you (your phone) and your bank are the only risk points then you have the means to control things. As an example remote locking and wiping of your phone if you loose it. If the bank is broken into then you'll still get your money and likely move to a different bank (I would).

What is more of an issue is passports (passive tags), here seeing someone carrying a known countries passport could put that person at risk. Which is why its' smart to carry it in a shielded case so the tag it has can't be read. This also holds true with some of your credit cards and other ID's.

You also have much more than RFID/NFC involved in your question which is well beyond what IFIXIT is about.

Was this answer helpful?

Score 2
Add a comment

Add your answer

sean will be eternally grateful.
View Statistics:

Past 24 Hours: 0

Past 7 Days: 0

Past 30 Days: 2

All Time: 176