[kwlug-disc] cell phone security and privacy

Chris Frey cdfrey at foursquare.net
Tue Jul 26 22:34:41 EDT 2022 

On Tue, Jul 26, 2022 at 06:58:07PM -0400, Doug Moen wrote:
> After researching cell phone OSes and installing Graphene, I suddenly
> have a lot of opinions about privacy and security in cell phone operating
> systems. I now have a fully degoogled Android phone, and I'll talk
> about that.

Thanks for the detailed info!  I haven't gone either route yet,
pinephone or graphene, so I'm very happy to see the trail blazed
before I get there.


> So Pinephone is a security nightmare. You can't trust the software
> to enforce your privacy policies. To compensate for this, Pinephone has
> hardware kill switches for the cam, mic, LTE, bluetooth, wifi. Okay, but
> Graphene provides these switches in software, and it has a hardware-backed
> security architecture that makes them trustworthy. And I can trust
> Graphene not to leak my PII even when my LTE or wifi are turned on.

The hardware kill switches sounds like a wonderful thing to me,
especially if it were in addition to the Graphene features.

I recall reading about the broadband and SIM interconnections
in an article a while back:

	"At that point, the SIM can answer with a command, and the power
	that the proactive SIM can have over the baseband processor is
	impressive, actually beyond that of the application processor. In
	particular, the SIM can make pop-up windows on the application
	processor, get access to the keyboard, send SMS, start USSD
	and data sessions, and control supplementary services, like
	call forwarding.

	"There is no direct communication between the application
	processor and the SIM. Some baseband processors can relay
	information between the application processor and the SIM, but
	this is not common. The SIM acts directly through the baseband
	processor without any involvement of the application processor,
	meaning that, without special test equipment, the user may have
	no way to know what the SIM is doing."

	https://medium.com/telecom-expert/structure-of-a-smartphone-383575de3eaf

That made me nervous, and I started to wonder if we'd ever have privacy
and security on our phones.  If a hardware kill switch could interrupt
this kind of behaviour, I'd be all for it.

- Chris

More information about the kwlug-disc mailing list