LWN: Comments on "Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Project Zero)"

Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Project Zero)

tao — Wed, 05 Apr 2017 15:47:22 +0000

That's a false dichotomy.

The firmware that's being uploaded at boot is built from source code by someone (as is, for that matter, the firmware in ROM). The relevant dichotomy is:

"Is the source code for the blob available (and modifiable by the user)" vs "Is the source code for the blob not available (or available, but not modifiable by the user, by means of DRM that prevents loading unsigned blobs or lack of the toolchain to build the blob)"

Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Project Zero)

foom — Wed, 05 Apr 2017 10:51:33 +0000

Wait, I got this.

It's "Thank God the code is uploaded at boot from a file on my filesystem, instead of being [fully] in rom, so you don't need to worry about attacks persisting after power off, plus it's easy to patch!"

That was it, right?

Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Project Zero)

ms — Tue, 04 Apr 2017 21:12:30 +0000

Superb work and writeup.

Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Project Zero)

rriggs — Tue, 04 Apr 2017 19:41:43 +0000

4. Binary blobs are beer for computers. The more binary blobs a computer consumes, the more promiscuous it becomes.

Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Project Zero)

flussence — Tue, 04 Apr 2017 19:00:01 +0000

Oh, oh, I know these!

0. If two computer systems are in equilibrium with a third, it's probably because they don't have GPUs or wifi.
1. Proprietary software can neither be reviewed nor patched, only executed.
2. The entropy of an isolated system with blobs will increase over time, until it ceases to work.
3. As profit margins approach absolute zero, the QA testing done on firmware approaches a minimum.

Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Project Zero)

jhoblitt — Tue, 04 Apr 2017 17:53:07 +0000

The first rule of binary blob club is...