fj8989 “Big brands like Samsung, like Google took care of their supply chain security relatively well, but for threat actors, this is still a very lucrative market,” said [senior Trend Micro researcher Fyodor Yarochkin].

I am unaware of practical phones with 100% open-source firmware. If that's right then at present you must pick somebody to trust. I would rather trust Google/Samsung than Xiaomi, OnePlus, etc. And it seems as if Trend Micro, FWIW, agrees.

Do you know of any research looking at cell phone firmware? Has anybody taken apart the phones to check for an SPI chip and then reversed the firmware? I have seen this with desktop and laptops, but nothing for cell phone firmware; could be an interesting place to look.

  • de0u replied to this.

    fj8989 Do you know of any research looking at cell phone firmware

    I believe the Register piece linked above is reporting on research into cellphone firmware.