it was fun! i assume we have come to an understanding - security, like anonymity, is best as a public good that floats all boats UPSTREAM (even if current reality is far from the vision of the ideal). hopefully a good arrangement not needlessly obstructed... best regards, except to the surreptitious surveillance-ers; you're the outlier here!

love,
codermange

---

many of the best detections for advanced attacks involved not-quite consumer hardware and customized systems for distributed storage, observation, and processing. this is way beyond the budget, skill, and time afforded even modestly technical users for most intents and purposes. however, sometimes simple measures to thwart attacks combined with a keen situational awareness can identify sophisticated attacks with less technical means. anomalies signal to attempt countermeasures and initiate in-depth scrutiny.

---

consider the following,

- baseband attack against mobile target:
  + cannot "hot patch" running image, as some changes take effect during initialization. force push results in restart. anomaly #0.
  + battery longevity one third what expected, distinct transition post-baseband-push for longevity of full charge - power consumption doesn't lie. anomaly #1.
  + abnormal signal power level for well known location for cell link. anomaly #2.
  + outbound dial attempts cannot put cell radio into lower bitrate audio call mode - outbound dial attempts fail - serious anomaly #3. (workaround of making call immediately on boot appears effective, and keeping a call in voice mode appears to thwart data exfiltration when no wifi uplink avail.)
  + (technical but possible) pushed baseband needs to pass authentication of image; signature valid, revision same as prior mtd partition archive version, however sha digests do NOT match! this is not expected for the same build version. anomaly #4.
---

consider the following,

- BIOS attack with post-boot re-infection vector triggered once graphics mode transitions from console to graphical display:
  + target hardware is a match and supported, however, root file system is XFS, ZFS, or other unsupported *nix variant. attempt to persist by injection on file system using kernel fs funcs and data structures (this gets around FDE by interacting before luks/mdcrypt/loopaes/cryptoloop layer) thus causes kernel panic. anomaly #0. [note: A for effort++ by setting a not-again flag after first attempt. this prevents the kernel panic from becoming a persistent DoS as the next boot attempt will complete normally into graphical desktop. subsequent reactivation follows similar fail safe of next boot succeeding after post boot persistent hook failure and kernel panic.]

---

consider the following,

- SMS MitM attack against Android mobile target:
  + normal delivery of SMS using a client such as TextSecure that checks for delivery confirmation on SMS (do NOT use fire-and-forget like majority of text clients). attack introduces latency on confirmation due to radio mode switching between high rate exfiltration mode and low rate SMS, with additional MitM proxy processing latency added as well. this results in messages initially showing "Message delivery failed" before shortly then confirming successful transmission. anomaly #0.
  + abnormal signal power level for well known location for cell link. anomaly #1.
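the cheap, low-tech signals listed above (battery drain after a baseband push, signal power at a known location, a same-revision image whose digest changed, SMS receipts that flip from failed to delivered) all reduce to baseline-versus-now comparisons. the script below is an added illustration written for this post, not the author's tooling; all telemetry in it is constructed, and the revision strings and digests are placeholders.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# All telemetry below is constructed for the example, not captured from a real device.
# (minutes since full charge, battery percent) logged before and after a baseband push
BATTERY_BEFORE_PUSH = [(0, 100), (120, 92), (240, 84), (360, 76), (480, 68)]
BATTERY_AFTER_PUSH = [(0, 100), (120, 76), (240, 52), (360, 28), (480, 4)]
# RSSI readings (dBm) logged on earlier visits to one well-known location
RSSI_HOME_HISTORY = [-71, -73, -70, -74, -72, -71, -73, -72]
# SMS delivery-receipt events in arrival order: (message id, status)
SMS_EVENTS = [(1, "delivered"), (2, "failed"), (2, "delivered"), (3, "delivered")]


def discharge_rate(samples):
    """Battery percent consumed per hour between the first and last sample."""
    (t0, p0), (t1, p1) = samples[0], samples[-1]
    return (p0 - p1) / ((t1 - t0) / 60.0)


def battery_anomaly(before, after, factor=3.0):
    """Anomaly #1: full-charge longevity dropped to 1/factor of the baseline."""
    return discharge_rate(after) >= factor * discharge_rate(before)


def signal_anomaly(history, observed, z=3.0):
    """Anomaly #2: a reading far outside the location's usual power level."""
    mu, sigma = mean(history), max(pstdev(history), 1.0)  # 1 dBm floor on sigma
    return abs(observed - mu) > z * sigma


@dataclass(frozen=True)
class BasebandImage:
    revision: str        # build/revision string reported by the image
    signature_valid: bool
    sha256: str          # digest of the partition dump (placeholder values in tests)


def baseband_digest_anomaly(archived, pushed):
    """Anomaly #4: same revision and valid signature, yet the digests differ."""
    return (pushed.signature_valid
            and pushed.revision == archived.revision
            and pushed.sha256 != archived.sha256)


def sms_flip_flop_ids(events):
    """SMS anomaly #0: ids whose receipt first reported failure, then delivery."""
    failed, flipped = set(), []
    for msg_id, status in events:
        if status == "failed":
            failed.add(msg_id)
        elif status == "delivered" and msg_id in failed:
            flipped.append(msg_id)
    return flipped
```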