Great summary. I can recommend reading EFF’s “The Problem with Mobile Phones” writeup, especially the section regarding “Phones off”. There is also a good paper summarizing baseband exploitation.
Don’t trust any of them. Ditch your mobile or make sure the battery is removable. Don’t have anything mobile-enabled in your PC. Just avoid wireless in general unless it’s infrared. Even then it needs to be off by default.
Let me see if I understood this summary correctly. It’s better not to use a mobile phone (whether it’s a smart one or not). If you have to use one:
That’s a good start. Might need to physically disable… however one would do so… the chip that connects to cell towers. That’s assuming there’s one for WiFi and one for cellular in the phone you use. Also, if no baseband is needed, a secure phone is easier to accomplish with homebrew or open components like this thing:
I also got a little inspiration from those VoIP phones using USB at Walmart & the JackPair I crowdfunded. The USB phones just need a few components that there’s already open cores for, plus a board, buttons, shell, etc. Might even convert a popular one into an open one by replacing the CPU or USB chips. Put mediation in it so the computer can’t attack the phone. Then, JackPair style, you do all the audio & encryption on that device with the computer just doing transport.
The JackPair problem was the phone might still record your voice or image while you’re using it. So, the microphone and camera must have a physical power switch on the smartphone. If you’re VoIPing through a PC, you just have to have no microphone or camera in it. The USB phone or JackPair-type devices work fine there outside emanation or analog risks. You’d have to be really targeted for those attacks to happen, though.
The next step I had was how to add cellular. Well, there are the baseband chips or add-on boards. The trick is putting them on a dedicated board with an optocoupler/infrared connection to the main board. The main board doesn’t trust it in that it mediates the I/O. The interface API & data format between the two must be simple with use of finite state machines in an isolated process. All incoming data gets input validation. This collectively blocks protocol, data, DMA, and some electrical attacks. One can add EMSEC shielding on top of that if needed to prevent wireless from illuminating the main board to bounce its keys or plaintext out. An example of what those look like is Harris’s secure WiFi device in the upper-left pic:
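As an added example (not the commenter's code), this is the kind of finite state machine the main board could run in its isolated process to validate frames arriving from the untrusted baseband board over the optocoupler link: every byte is checked against a small grammar, the length is bounded before anything is buffered, and any violation resets the parser. The frame layout (SOF byte, type, length, payload, XOR checksum) and the whitelisted type values are assumptions for the example.

```c
#include <stdint.h>
#include <stddef.h>
#define SOF         0x7E   /* start-of-frame marker (assumed frame format) */
#define MAX_PAYLOAD 32     /* hard bound: nothing larger is ever buffered */
enum { S_SOF, S_TYPE, S_LEN, S_PAYLOAD, S_CSUM };
typedef struct {
    int     state;
    uint8_t type, len, pos, csum, payload[MAX_PAYLOAD];
} parser_t;

/* Whitelist of message types the main board understands (assumed values). */
static int type_allowed(uint8_t t) { return t == 0x01 || t == 0x02 || t == 0x03; }

/* Feed one byte. Returns 1 when a complete, valid frame was accepted, 0 while
 * still collecting, -1 if the byte violated the protocol (parser resets). */
int feed(parser_t *p, uint8_t b) {
    switch (p->state) {
    case S_SOF:
        if (b != SOF) return -1;              /* stray bytes between frames */
        p->state = S_TYPE; p->csum = 0; p->pos = 0;
        return 0;
    case S_TYPE:
        if (!type_allowed(b)) { p->state = S_SOF; return -1; }
        p->type = b; p->csum ^= b; p->state = S_LEN;
        return 0;
    case S_LEN:
        if (b > MAX_PAYLOAD) { p->state = S_SOF; return -1; } /* bound before any copy */
        p->len = b; p->csum ^= b;
        p->state = (b == 0) ? S_CSUM : S_PAYLOAD;
        return 0;
    case S_PAYLOAD:
        p->payload[p->pos++] = b; p->csum ^= b;
        if (p->pos == p->len) p->state = S_CSUM;
        return 0;
    case S_CSUM:                              /* XOR over type, len and payload */
        p->state = S_SOF;
        return (b == p->csum) ? 1 : -1;
    }
    return -1;
}

/* Run a byte stream through a fresh parser: number of accepted frames,
 * or -1 at the first protocol violation (the rest is never looked at). */
int count_valid_frames(const uint8_t *buf, size_t n) {
    parser_t p = {0};                         /* state 0 == S_SOF */
    int accepted = 0, r;
    for (size_t i = 0; i < n; i++) {
        if ((r = feed(&p, buf[i])) < 0) return -1;
        accepted += r;
    }
    return accepted;
}
```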