Memory Flashing Attacks

Popularity:

10

Simplicity:

7

Impact:

10

Risk Rating:

9

The case of flashing memory is best discussed on the mobile platform, as for more powerful platforms (e.g., PC and server) signed flash updating programs can be used to enforce secure re-flashing. On lightweight platforms such as mobile phones, flashing the memory lets you change the platform configuration and execution environment, enabling the attacker to access many unauthorized features, from the ability to bypass the SIMlock mechanism that prevents the user from using SIMcards from a different mobile operator to play any DRM contents (e.g., ring tone, music file) to the more dangerous ability to change the mobile unique identifier (International Mobile Equipment Identity /IMEI) making the attacker more difficult to trace on any mobile network. This kind of attack has been facilitated by the creation of cheap dedicated hardware, leading to a dramatic increase in the number of stolen phones, which can be reprogrammed with ease.

Enforcing restrictions such as SIMlock would be difficult, if not impossible, on a PC platform, due to very different privacy environments. The mobile phone carries less personal information than the PC, though this information may seem more important to the user. Mobile operators have been able to operate with these assumptions for a long time, and so ensuring that the execution environment cannot be changed is more acceptable in this case than in other platforms. Not only is execution environment enforcement a requirement for the business model to be correct, but certain national and international laws also mandate that the mobile identifier IMEI cannot be changed.

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook


Post a comment