Does security need to be binary? I don’t disagree with the content, per se, but the obvious conclusion from this article is that it doesn’t matter which phone I use to deposit checks by photo or send bitpaycoinpal to a friend. I think it matters quite a bit.
It’s good to be cognizant that “winning” may be impossible, but “you should give up now; you’ve already lost” is a net negative.
I think the article’s unstated assumption is that people want their phones to be secure from state actors. A binary that is old, secret, probably not receiving updates, and sharing memory with the main CPU sounds like a welcome mat for the kinds of vulnerabilities state actors have been using.
I agree that “give up” is not a good message; even a token “let’s get cracking on trustworthy chips and firmware” would’ve been nice.
I agree that security doesn’t need to be binary. Every time someone comes up with an entrant in the “more secure” phone space, the comments become about how it’s impossible to be really secure because of the baseband. The baseband issue is important, but most secure phone implementations are dealing with corporate espionage, malicious ‘friends’, etc., rather than state actors.
I do like the recommendation brought up in the HN thread to disable the radio if you want more security. On Android phones this can be done by dialing “*#*#INFO#*#*” (star-hash-star-hash-4636-hash-star-hash) to access the phone testing menu, going into Phone Information and pressing “Turn off radio”. This lasts until the next boot. To deal with the lack of phone you can use Signal, Silent Phone or similar to get encrypted calls and messaging via WiFi. With a 4G WiFi modem you can get mobile data with safe separation from the device.
I’m not sure there’s a market for a device with this separation by design but I’d like to try one if there was.
Why would you trust your phone’s software to turn off the radio?
So I didn’t know this before, but several other people have pointed out that the baseband in modern phone design doesn’t have DMA. The whole thing may be a bogeyman.
It would be interesting to know which devices do and don’t have an issue with the baseband. This post on Samsung Galaxy baseband backdoors seems to show that some phones from a year ago had issues.
This is really good. The only open source GSM stack I’m aware of is woefully behind, and the mobile baseband industry is shaping up to be an oligopoly at best: ISTR hearing that Apple wrote their own baseband firmware, and Qualcomm is pretty much the other player.
Related: phk just did a three-part review on the Blackphone which doesn’t really paint the phone and the company behind it in a good light:
Not surprised, but they really should reconsider their use of “private by design”…
Really, this should be titled “There are no secure phones”. GSM has been a mess since the beginning, and the ability to download the A5/1 rainbow tables and use an rtl-sdr is proof of that.