On 10/14/14, bluelotus@openmailbox.org wrote:

How would tethering a tablet or laptop to a smartphone be more private than directly using the smartphone?

it is more private because you are separating domains of communication. the less trustworthy smartphone is used as a network link (cell or other uplink) and not trusted with the content of the encrypted communications it carries. likewise, the cryptographic sessions live off device, on the tethered tablet or laptop, where presumably it is beyond reach of a suspect smartphone. there are many attack methods which can escalate beyond the vulnerable device, however, so this approach must be considered in the context of threat model, and likely insufficient alone.

Do tablets have a secret baseband?

yes, however they are fewer, and if limited to 802.11, easier to isolate / verify with external tools.

How to drive a phone's sms over it's usb port?

"instrumenting and automating" device behavior through remote or programmatic means is a black art unto itself. :P best regards,

On Wed, Oct 15, 2014 at 1:55 AM, coderman wrote:

it is more private because you are separating domains of communication. the less trustworthy smartphone is used as a network link (cell

...

...

Is connecting to a cell hotspot or another phone to use the native cell voice/data (cell) of the cell network even possible?

This is why I still ask this, as being able to use the 'cell voice' or 'cell data/IP net' from an isolated standoff would be useful. Unlike using the common 'WiFi internet' provided by cell hotspot/tether, I've not yet found any protocol, app or hardware for extending either of those two cell network services (voice/data) from the infected baseband device to your isolated secure laptop/pad. Though cell voice/dialing may not actually matter as, unless you needed to do it remotely, you'd just pick up the infected baseband device and use it for only that purpose. Same for cell data. (Cell data is not SMS, fyi). Note this is not the same as using say your home internet or coffee shop wifi to subscribe some voip trunk over the internet. It is directly using/hooking to the cell carriers voice or data channel, like your GSM phone does.

there are many attack methods which can escalate beyond the vulnerable device, however, so this approach must be considered in the context of threat model, and likely insufficient alone.

I was referring strictly to baseband threat, not caring about what is attempted over the WiFi/BT/NFC/audio gap from the baseband infected device to the user's relatively more secure/isolated laptop/pad.

That bites both ways. If I can get control of your Android device (which, given the exploit-like-it's-the-1990s state of security of the whole ecosystem shouldn't be that hard) then I've MITM'd your net connection, while doing the same for your router/access point is likely to be a lot harder.

I think anyone savvy enough to be separating domains in this way *because they can't trust their router (phone)* will have taken steps to make MitM'ing the router irrelevant. Pre-shared VPN certificates would largely render this pointless, right? As would Tor on the computer through the phone? Any attempt to MitM would result in failed cert checks. Now, you could get the phone to take action on its own that might assist in exploiting the upstream computer, so for example USB based attacks (#BADBIOS? :P) or just port scanning the computer through the tether and attacking open ports. So, isolating and firewalling against the phone, and treating it as a potential attacker plugged right into the device, is important if you're at this stage of paranoia. :) Of course, with bluetooth tethering (or even wifi, if you can power it) the USB bus attacks aren't as relevant. But firewalling the network connection with the phone, then VPNning or Torifying the connection through the phone, would be necessary for a properly "untrusted phone" connection, IMO. On 16/10/14 04:55, Peter Gutmann wrote:

coderman writes:

...

it is more private because you are separating domains of communication. the less trustworthy smartphone is used as a network link (cell or other uplink) and not trusted with the content of the encrypted communications it carries.

That bites both ways. If I can get control of your Android device (which, given the exploit-like-it's-the-1990s state of security of the whole ecosystem shouldn't be that hard) then I've MITM'd your net connection, while doing the same for your router/access point is likely to be a lot harder.

Peter.

-- Twitter: @onetruecathal, @formabiolabs Phone: +353876363185 Blog: http://indiebiotech.com miniLock.io: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM