127k views
0 votes
A systems security engineer is assisting an organization's market survey team in reviewing requirements for an upcoming acquisition of mobile devices. The engineer expresses concerns to the survey team about a particular class of devices that uses a separate SoC for baseband radio I/O.

For which of the following reasons is the engineer concerned?

A. These devices can communicate over networks older than HSPA+ and LTE standards, exposing device communications to poor encryptions routines
B. The organization will be unable to restrict the use of NFC, electromagnetic induction, and Bluetooth technologies
C. The associated firmware is more likely to remain out of date and potentially vulnerable
D. The manufacturers of the baseband radios are unable to enforce mandatory access controls within their driver set

1 Answer

4 votes

Final answer:

The systems security engineer is concerned because devices with a separate SoC for baseband radio I/O could have firmware that is more likely to remain out of date, leading to security vulnerabilities.

Step-by-step explanation:

The systems security engineer is concerned about devices that use a separate System on Chip (SoC) for baseband radio I/O for several reasons. One significant concern is that the associated firmware for the baseband radios is more likely to remain out of date and potentially vulnerable to security risks.

Since baseband processors manage all radio functions, they are critical to network communication. If the baseband firmware is outdated, it can expose the devices to security vulnerabilities and potential attacks.

Additionally, the baseband SoC operates independently of the device's main processor, making it more difficult to manage and update its firmware consistently, as it often requires collaboration between device manufacturers and mobile network operators.

These outdated systems can communicate over networks that do not meet modern security standards, such as older than HSPA+ and LTE standards, leading to poor encryption routines and potentially compromised device communications. This is particularly concerning for corporate environments where sensitive data is frequently exchanged over mobile devices and network security is paramount.

Option C. The associated firmware is more likely to remain out of date and potentially vulnerable is correct.

User Nagashayan
by
7.9k points