On Sat, Aug 01, 2015 at 12:03:06AM +0200, Pavel Machek wrote:
> On Fri 2015-07-31 18:52:15, Mark Brown wrote:

> > Given that the baseband is a key part of the data path it's not like
> > you're gaining anything there as far as I can see? I suppose you could
> > argue that the AP is actually an additional attack surface here.

> Actually yes, I believe I'm gaining a lot.

> If baseband is directly connected to the microphone, it can eavesdrop
> on me while the phone appears to be idle.

Oh, right. That's not an issue since there's generally routing control
in the rest of the system (within the CODEC and sometimes elsewhere
also) so you can isolate the baseband from the local audio sources and
only connect it in call. When not in use the CODEC will be powered down
and even when in use by the AP you'd usually not route to the baseband.
The baseband normally doesn't have sufficient physical access to
relevant control interfaces to get any input.