IOS, Android and other phones have Broadcom wifi chipsets, easily exploitable remotely. Has Librem factored in these modern exploits? It is necessary is to use a Wifi chip with ASLR + DEP protection in order to avoid these exploits. Without this, disabling wifi is about as good as it gets. Here is a black-hat video describing these hardware level vulnerabilities. Start at 6:00
1 Like
I am of the understanding that most cell phones use wifi chips that are a part of the of SoC and not separated. This is in particular why such an exploit is so dangerous. It allows a compromised component access to the entire device.
Purism has said in many places and in their own promotional material that they intentionally separate such devices. So a compromised wireless chip does not mean immediate access to anything else (although that is bad enough to begin with). Of course with hardware kill switches there is another layer of defense.
Lastly I thought they were using Atheros chips and not Broadcom. A simple look at their product page would have cleared that up.
1 Like
Thank you @2disbetter, good to know! They don’t say anything on the Librem page about separation of wifi from SoC, but sounds like it is plausible given it is mentioned elsewhere on here. Glad they are not broadcom, though that doesn’t factor out the possibility that Atheros doesn’t have similar bugs. I’m curious if these chips are OTP flash or can be rewritten permanently. I hope there is new wifi tech coming out in the future with ASLR/DEP and other protections, if need be.