Inside every smartphone and cellular-enabled tablet is a second operating system that you, the end-user, never see. Whether you prefer Android over iOS, or Windows Phone to BlackBerry, buried beneath that OS is another one. It has its own processor and its own executable code. Unlike your preferred OS, which has checks and balances for the software it executes, this hidden operating system trusts every instruction it’s given. What could possibly go wrong?

Your Operating System

You decided on which operating system your device runs for reasons that are as unique as you are. Perhaps you liked the user interface. Maybe you liked the app and content ecosystem. Perhaps you didn’t have a choice because your device was given to you by your employer or school.

Regardless, this operating system is the one that you interact with. It’s the one that apps interact with. It’s the one that developers interact with. It’s the primary and most important operating system on your device, isn’t it?

Hidden Operating System

Nope.

Inside your device is a completely separate operating system which handles everything that has to do with your radio. Right now Taylor Martin is probably thinking (in his thick, Southern drawl), “Radio? I can’t listen to no radio on my smarty phone!” That’s not the kind of radio we’re talking about, Taylor. Gosh!

Your smartphone (and possibly your tablet) has more than one “radio” in it. It’s got a radio for Bluetooth, another one for WiFi, and yet another for talking to your cell provider, possibly more than one. The “radio” we’re talking about here is your cellular radio. It (and the operating system that runs it) is much more “timing-dependent” than your “on the surface” OS. In fact, it’s “real-time”.

Real-time OSes are hard to build. A lag of a tenth of a second is far too long. For those of you saying Windows Phone, iOS, or whatever OS you run “doesn’t have lag”, sorry, at this level every OS has lag. So we’re all the same in this regard.

Don’t worry, it’s secure, right?

Something called a “baseband processor” powers the radio’s OS. That OS is proprietary and closed-source. Generally speaking, it’s poorly understood, not well documented, and doesn’t go through any peer review to speak of. That’s not a problem because it’s so secure, right?

Nope again.

This operating system trusts whatever data is sent to it from a cell tower, without checking it. This could be a problem if a cell tower is ever hacked. Sure, that’s not likely to happen, but if it does, every device that connects to it could be compromised. Since cell towers themselves are networked to each other, it’s conceivable that such an attack would quickly spread across the entire network.

What’s more, cell “towers” are getting smaller and more accessible. Some carriers even provide “micro-cells” which customers can install in their business, dorm, or home when a traditional tower is too far away or has a poor signal. These micro-cells are perfect tools for would-be malicious hackers to start developing wide-scale exploits.

To make matters worse

The processor that we spend so much time talking about (NVIDIA, Snapdragon, Intel, etc.) is not the primary processor in your device. According to OS News, the baseband processor is typically the master processor, and the application processor is its slave.

That’s right. We have a full OS, running on a fairly powerful ARM processor, with very few (if any) protections against potential exploits (because it inherently and automatically trusts everything it’s told), running inside the devices that contain a list of all our contacts, our financial information, and our passwords.

The good news is that nothing bad has happened so far. Unfortunately, I doubt that security will last. After all, it’s not so much “security” as it is “obscurity” that’s protecting us at this point.

Source: OS News