from http://www.reddit.com/r/netsec/comments/209h4d/samsung_galax... :
This is not a backdoor. It's a feature, and a reasonably common one for Qualcomm-based devices.
It's an interface to allow the modem access to a persistent data store (i.e. eMMC modem partitions) even though only the application processor may access the MMC controller.
Have a look at the rmt_storage client documentation found in a Qualcomm kernel tree. It used to be pretty common to ship a rmt_storage daemon to do the very same thing Samsung is being accused of here (hint: Nexus 5 still uses it). I don't know about other recent devices, but I'd imagine they'd employ something similar.
Also, there are many more ways for the baseband to compromise the application processor, without an explicit interface.
throwaway7767|11 years ago
Are these really mutually exclusive? I don't doubt that Qualcomm had good reasons to add this interface, but clearly it can be used as a backdoor, and since the user is not made aware of it, I'd say this meets all the qualifications of a backdoor.
They could have easily designed this in a way that allowed the baseband processor to only write to a designated area instead of giving it full access.
You are right that the baseband in phones usually has many other ways to directly access sensitive data from the main processor (DMA is the obvious one). But this differs from phone to phone, depending on the hardware design. There are phones where the baseband talks to the main processor through a serial interface with no access to DMA.
eli|11 years ago
unknown|11 years ago
[deleted]
pessimizer|11 years ago
If it's on my phone, it's definitely only a backdoor.