Re: [tor-talk] How safe is smartphones today?
On Thu, Apr 3, 2014 at 3:10 AM, <antispam06@sent.at> wrote:
> ... That made me wonder. What are the risks involved using a Tails PC and getting online through a 3G clean Android smartphone with no apps installed or Google accounts activated tethered through USB?
as long as you assume the 3G link is as trustworthy as your neighborhood open wifi, you're fine. i can tell you that i've had malware sent down a 3G pipe to a tethered target just as you might expect on any other hostile network.

incidentally, this tethered mode is how i prefer to communicate:

1. a front-end sacrificial/signalling device to indicate a threat level and carry traffic. (hotspot puck, 3G phone, CPE router, etc.)
2. a packet inspecting host to passively monitor for anomalies and respond to emergencies. (emergency zeroisation+filtering)
3. the actual communicating device containing keys and terminating sessions. further hardened by defense in depth.

for any decent attacker, mobile platforms are just fucked. sorry! this is true until you can implement an entire isolated SDR stack; even opaque wifi blobs are fail. [i've stated my preference for various software defined radio setups before, omitted.]
> Or better yet: who can see what?
> I read the hardware is rigged (Samsungs), you wrote about the software being rigged (the ability to remotely install apps), and surely the phone company can do a lot of tricks from the early days of GSM. So is it crazy to route Tor traffic through such a gateway?
it's fine to route traffic over such a device as long as you assume the attacker is also watching and able to inject into your traffic over said gateway :) this means you run Tor on a different device, not the phone itself.

last but not least, regarding the "Mission Impossible: Hardening Android for Security and Privacy" https://blog.torproject.org/blog/mission-impossible-hardening-android-securi... i have found the following techniques useful in the past against advanced attackers:

0.) rootkit Android kernel to trap and notify|block syscall use by user-id and process-id. anomalous calls by privileged processes or users are a great signal of compromise.
1.) monkey patch Android API in every dalvik runtime for specific calls of interest that should not be granted. this caught the "Android Master key" vuln in practice as an updated app was behaving way out of permission and expected profile.
2.) deploy camouflage guacamole to feign vulnerability to various techniques and then use exploit attempts to signal presence of an adversary of identified capabilities.

doing the above on a reference Nexus 7 platform left as exercise for the reader, *grin*

best regards,
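Items 0.) and 1.) above both reduce to the same detection idea: record which calls each identity (uid, process) makes while the device is trusted, then treat calls outside that profile as a signal, ranked higher when the identity is privileged. The following is an added illustration of that profile check in Python; it is not coderman's code and not from the Tor blog post. The `key=value` trace format, every sample line, and the choice of which uids count as privileged are constructed assumptions for this example (Android does reserve uid 0 for root, 1000 for `system`, and 10000+ for apps, which the sample values follow).

```python
"""Per-identity call profile checker (added example, not from the thread).

Baseline: the set of calls seen per (uid, comm) during a trusted window.
Later traces are compared against it; a known identity making a call it
never made before is an anomaly, and anomalies from privileged identities
are ranked highest.  Trace format and all sample lines are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumption for this example: root and the Android "system" uid are the
# identities whose anomalies should be ranked highest.
PRIVILEGED_UIDS = frozenset({0, 1000})


@dataclass(frozen=True)
class Event:
    pid: int
    uid: int
    comm: str   # process name / package as reported by the tracer
    call: str   # syscall or framework API name


def parse_trace(text):
    """Parse constructed 'key=value' trace lines into Event records.

    Malformed lines are skipped rather than raising, so a truncated or
    hostile trace cannot stop the monitor.
    """
    events = []
    for line in text.splitlines():
        fields = {}
        for token in line.split():
            if "=" not in token:
                continue
            key, value = token.split("=", 1)
            fields[key] = value
        try:
            events.append(Event(int(fields["pid"]), int(fields["uid"]),
                                fields["comm"], fields["call"]))
        except (KeyError, ValueError):
            continue
    return events


def build_profile(events):
    """Baseline: the set of calls observed per (uid, comm) while trusted."""
    profile = defaultdict(set)
    for e in events:
        profile[(e.uid, e.comm)].add(e.call)
    return dict(profile)


def find_anomalies(profile, events, privileged=PRIVILEGED_UIDS):
    """Return (severity, event) for each call outside the baseline.

    'high'   : privileged identity making a call never seen in baseline
    'medium' : known app/process making a call outside its profile
    'low'    : identity with no baseline at all (new app or new uid)
    """
    alerts = []
    for e in events:
        key = (e.uid, e.comm)
        if key not in profile:
            alerts.append(("low", e))
        elif e.call not in profile[key]:
            severity = "high" if e.uid in privileged else "medium"
            alerts.append((severity, e))
    return alerts


# Constructed baseline trace: what the device did during a trusted window.
BASELINE = """\
pid=612 uid=1000 comm=system_server call=openat
pid=612 uid=1000 comm=system_server call=read
pid=612 uid=1000 comm=system_server call=write
pid=2301 uid=10045 comm=com.example.notes call=openat
pid=2301 uid=10045 comm=com.example.notes call=read
pid=2301 uid=10045 comm=com.example.notes call=write
"""

# Constructed later trace: an "updated" app reaching for calls it never made
# before, a privileged process doing something new, an unknown app, and one
# garbage line.
OBSERVED = """\
pid=2377 uid=10045 comm=com.example.notes call=read
pid=2377 uid=10045 comm=com.example.notes call=connect
pid=2377 uid=10045 comm=com.example.notes call=ptrace
pid=612 uid=1000 comm=system_server call=execve
pid=2402 uid=10051 comm=com.example.new call=openat
garbage line with no fields
"""


def run_example():
    """Build the baseline profile and return the alerts for OBSERVED."""
    profile = build_profile(parse_trace(BASELINE))
    return find_anomalies(profile, parse_trace(OBSERVED))


if __name__ == "__main__":
    for severity, e in run_example():
        print(f"[{severity}] uid={e.uid} pid={e.pid} {e.comm} -> {e.call}")
```

On the sample traces this yields two medium alerts for `com.example.notes` (`connect`, `ptrace`), one high alert for `system_server` (`execve`) and one low alert for the never-seen `com.example.new`; the garbage line is dropped by the parser. A real deployment would feed this from whatever trap point is available (kernel hook, seccomp notifications, or a patched runtime) and would need a baseline long enough to avoid alerting on rare but legitimate calls.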
> for any decent attacker, mobile platforms are just fucked. sorry! this is true until you can implement an entire isolated SDR stack; even opaque wifi blobs are fail.
SDR... fun gear for btc miners to spend their coin on. Related reading, a Nexus 5 service manual search string: 173744848-LG-D821.pdf
On Sun, Apr 6, 2014 at 1:26 AM, grarpamp <grarpamp@gmail.com> wrote:
> ... SDR... fun gear for btc miners to spend their coin on....
the old GPUs that used to pool mine before the ASIC takeover are great for searching key spaces and permutated dictionaries, but seems the SDR adoption is lacking. traditionally, SDR is narrowband focused, low overhead more than amenable to CPU cycles. very wide band, very high rate, multi-radio SDR setups are just now coming into independent exploration; perhaps then old GPUs can be brought back to utility! *grin*
> Related reading, a Nexus 5 service manual search string: 173744848-LG-D821.pdf
my favorite odd band technical input is still the barcode scanners from decades past which would interpret scanned input and escapes same as keyboard console entry. factory reset SMS type attacks have been ongoing for so many years, the same mistakes over and over. back then, you could claim innocent times. today, there is just no excuse.

last but not least, regarding compromising your own devices to know when someone might be trying to compromise your devices, the following may be useful hints in the proper direction. as always, best to build your own :)

https://github.com/hiteshd/Android-Rootkit
search: LD_PRELOAD hooking
http://www.cydiasubstrate.com/inject/android/ / http://www.cydiasubstrate.com/inject/dalvik/

your mileage may vary...

best regards,
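The scanner point above is the general "input treated as commands" mistake: a keyboard-wedge scanner replays whatever was printed on a label as keystrokes, so Enter, Escape and control characters on the label reach the console as if typed. The defensive fix is to treat the scan as data, not keystrokes, and validate it against the expected symbology before anything downstream sees it. The following is an added Python illustration of that validator for UPC-A labels; it is not from the thread or from any of the linked projects. The sample scans are constructed, and the raw bytes are assumed to be what the reader receives from the scanner before any keyboard emulation.

```python
"""Scanner input validator (added example, not from the thread).

Treats a raw scan as untrusted bytes: control characters and escape
sequences are rejected first (a keyboard wedge would turn them into
Enter/Escape/etc.), then the payload must be a well-formed UPC-A label:
12 ASCII digits whose last digit is the correct check digit.
Sample scans below are constructed.
"""

ESC = 0x1B


def upc_a_check_digit(body):
    """Compute the UPC-A check digit for the first 11 digits.

    Digits in odd positions (1st, 3rd, ..., 11th) are weighted 3, digits in
    even positions weighted 1; the check digit brings the total to a
    multiple of 10.
    """
    odd = sum(int(d) for d in body[0::2])
    even = sum(int(d) for d in body[1::2])
    return (10 - (odd * 3 + even) % 10) % 10


def validate_scan(raw):
    """Return (ok, reason, payload) for one raw scan given as bytes.

    Rejection reasons are ordered so the most dangerous condition is
    reported first, regardless of what else is wrong with the label.
    """
    if any(b < 0x20 or b == 0x7F for b in raw):
        kind = "escape sequence" if ESC in raw else "control character"
        return (False, f"rejected: {kind} in scan", None)
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return (False, "rejected: non-ASCII byte in scan", None)
    if not text.isdigit():
        return (False, "rejected: non-digit characters", None)
    if len(text) != 12:
        return (False, f"rejected: expected 12 digits, got {len(text)}", None)
    if upc_a_check_digit(text[:11]) != int(text[11]):
        return (False, "rejected: bad check digit", None)
    return (True, "ok", text)


# Constructed scans: one good label and several that must be refused.
SCANS = [
    b"036000291452",          # valid UPC-A, check digit 2
    b"036000291453",          # same label with a wrong check digit
    b"03600029145",           # truncated read
    b"036000291452\r",        # trailing CR: a wedge would press Enter
    b"\x1b[2J036000291452",   # terminal escape sequence in front of the label
    b"12AB56789012",          # letters where only digits are allowed
]


def run_example():
    """Validate every constructed scan and return the results in order."""
    return [validate_scan(s) for s in SCANS]


if __name__ == "__main__":
    for raw, (ok, reason, payload) in zip(SCANS, run_example()):
        print(f"{raw!r:28} -> {reason}" + (f" ({payload})" if ok else ""))
```

Only the first scan passes; the others are refused with the reason shown, and the two containing control bytes are refused before any format check runs. The same shape (reject control bytes, then enforce the expected alphabet, length and checksum) applies to any other "input that something will interpret as commands" path, which is the pattern the factory-reset SMS class of bugs keeps repeating.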
> the old GPUs that used to pool mine before the ASIC takeover are great for searching key spaces and permutated dictionaries, but seems the SDR adoption is lacking. traditionally, SDR is narrowband focused, low overhead more than amenable to CPU cycles. very wide band, very high rate, multi-radio SDR setups are just now coming into independent exploration; perhaps then old GPUs can be brought back to utility!
Agreed near-unlimited-width SDR has fun potential, and for cpunks some equally hard to identify/jam/locate encrypted comms that don't interfere with traditional narrow comms. There are some cheap ex-mining FPGA rigs being dumped on the market too now that they're worthless to the majority of their point-and-click owners.
> my favorite odd band technical input is still the barcode scanners from decades past which would interpret scanned input and escapes same
http://americanhistory.si.edu/collections/search/object/nmah_892778 https://en.wikipedia.org/wiki/Helium-neon_laser My later unit of this same class of tech still reads UPC's, love the sounds it makes.
> as keyboard console entry. factory reset SMS type attacks have been ongoing for so many years, the same mistakes over and over. back then, you could claim innocent times. today, there is just no excuse.
No doubt in part because we forget wisdom of history in favor of new hotness. Will be pretty sad when in 2100 we have to literally rediscover things from scratch because they're lost. ie: "How the fuck did they do that and their hacking tricks." http://thecorememory.com/
On Sat, Apr 05, 2014 at 09:30:25PM -0700, coderman wrote:
> for any decent attacker, mobile platforms are just fucked. sorry! this is true until you can implement an entire isolated SDR stack; even opaque wifi blobs are fail. [i've stated my preference for various software defined radio setups before, omitted.]
Agreed that free-software SDR is better in the long run, but there are blob-free WiFi cards available: https://www.fsf.org/resources/hw/endorsement/thinkpenguin (they even let you pay with bitcoin.) -andy
On Sun, Apr 6, 2014 at 3:14 PM, Andy Isaacson <adi@hexapodia.org> wrote:
> ... there are blob-free WiFi cards available: https://www.fsf.org/resources/hw/endorsement/thinkpenguin
i have intended to go over the ath9k-htc sources, thanks for bringing this up! of all the wifi chipsets, i do like the atheros lines the best... especially with virtual station/ap/device support!