On Thu, Apr 3, 2014 at 3:10 AM, <antispam06@sent.at> wrote:
... That made me wonder. What are the risks involved using a Tails PC and getting online through a 3G clean Android smartphone with no apps installed or Google accounts activated tethered through USB?
as long as you assume the 3G link is as trustworthy as your neighborhood open wifi, you're fine. i can tell you that i've had malware sent down a 3G pipe to a tethered target just as you might expect on any other hostile network.

incidentally, this tethered mode is how i prefer to communicate:

1. a front-end sacrificial/signalling device to indicate a threat level and carry traffic. (hotspot puck, 3G phone, CPE router, etc.)
2. a packet inspecting host to passively monitor for anomalies and respond to emergencies. (emergency zeroisation+filtering)
3. the actual communicating device containing keys and terminating sessions. further hardened by defense in depth.

for any decent attacker, mobile platforms are just fucked. sorry! this is true until you can implement an entire isolated SDR stack; even opaque wifi blobs are fail. [i've stated my preference for various software defined radio setups before, omitted.]
Or better yet: who can see what?
I read the hardware is rigged (Samsungs), you wrote about the software being rigged (the ability to remotely install apps), and surely the phone company can do a lot of tricks from the early days of GSM. So is it crazy to route Tor traffic through such a gateway?
it's fine to route traffic over such a device as long as you assume the attacker is also watching and able to inject into your traffic over said gateway :) this means you run Tor on a different device, not the phone itself.

last but not least, regarding the "Mission Impossible: Hardening Android for Security and Privacy" https://blog.torproject.org/blog/mission-impossible-hardening-android-securi... i have found the following techniques useful in the past against advanced attackers:

0.) rootkit Android kernel to trap and notify|block syscall use by user-id and process-id. anomalous calls by privileged processes or users are a great signal of compromise.
1.) monkey patch Android API in every dalvik runtime for specific calls of interest that should not be granted. this caught the "Android Master key" vuln in practice as an updated app was behaving way out of permission and expected profile.
2.) deploy camouflage guacamole to feign vulnerability to various techniques and then use exploit attempts to signal presence of an adversary of identified capabilities.

doing the above on a reference Nexus 7 platform left as exercise for the reader, *grin*

best regards,
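The profile check behind item 0, as an added example that is not from the thread: a userland scan over constructed syscall trace lines that flags out-of-profile calls per uid/pid and escalates deny-listed ones to block. The trace format, the per-uid profiles and the deny list are all assumed for illustration.

```python
import re

# Constructed syscall trace (not from the thread). A real feed would come from
# the kernel hook the post describes, or from seccomp/audit logs; format assumed.
SAMPLE_TRACE = """\
uid=10045 pid=2310 syscall=read
uid=10045 pid=2310 syscall=write
uid=10045 pid=2310 syscall=ptrace
uid=0 pid=1 syscall=write
uid=0 pid=1 syscall=execve
uid=0 pid=1 syscall=mount
uid=1000 pid=4120 syscall=execve
garbage line that should be skipped
"""

# Expected syscall profile per user id (illustrative values). A call outside the
# uid's profile is the anomaly signal; calls on BLOCK are denied, not just noted.
PROFILE = {
    0:     {"read", "write", "execve", "openat"},   # root daemons
    1000:  {"read", "write", "socket", "connect"},  # shell user
    10045: {"read", "write", "openat", "socket"},   # one app uid
}
BLOCK = {"ptrace", "mount", "init_module", "kexec_load"}

LINE_RE = re.compile(r"uid=(\d+)\s+pid=(\d+)\s+syscall=(\w+)$")

def parse_line(line):
    """Return (uid, pid, syscall) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    return (int(m.group(1)), int(m.group(2)), m.group(3)) if m else None

def classify(uid, syscall):
    """Trap decision for one call: 'allow', 'notify' or 'block'."""
    if syscall in PROFILE.get(uid, set()):
        return "allow"
    # Unknown uid or out-of-profile call: notify, escalated to block on deny list.
    return "block" if syscall in BLOCK else "notify"

def scan(trace):
    """Return the list of (verdict, uid, pid, syscall) for every non-allowed call."""
    alerts = []
    for line in trace.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the monitor
        uid, pid, sc = rec
        verdict = classify(uid, sc)
        if verdict != "allow":
            alerts.append((verdict, uid, pid, sc))
    return alerts
```

Running `scan(SAMPLE_TRACE)` on the constructed trace yields two block verdicts (ptrace from the app uid, mount from root) and one notify (execve from the shell user).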