[liberationtech] Mobile Phone Security
liberationtech at lewman.us
liberationtech at lewman.us
Sun Jan 8 19:30:58 PST 2012
On Sun, Jan 08, 2012 at 04:44:34PM -0500, gsistare at gmail.com wrote 2.9K bytes in 85 lines about:
: Considering this, which mobile phone
: providers and manufacturers remain the most secure? It seems like
: the numbers are dwindling, and the user-end side of things is
: becoming more uneasy.
Roughly zero if your threat model involves a government. All cell
phones have two operating systems, one is the baseband for managing
communications with the cell towers and signal processing, the other is
the one for the humans. The baseband has 'lawful intercept' built in to
appease western governments, at least.
I'm not sure to which OS the slashdot story
refers, but here's a crash course in iphone's OSes,
http://www.ihackintosh.com/2009/07/difference-between-iphone-baseband-bootloader/.
And here's a quick presentation on what the
baseband OS, or firmware, does in a 3G phone,
http://bwrc.eecs.berkeley.edu/seminars/Seminars_Archive/Sriram-9.15.00/3G_Cell_Base_Desgn.pdf.
For an example of the details, the osmocombb project,
http://bb.osmocom.org/trac/, is trying to write a completely free
baseband stack for cell phones. They have some pretty good details and
presentations on the hardware hacking involved in re-writing the baseband
from scratch.
As for actually secure phones, from the baseband through the user
interface, Cryptophone, http://www.cryptophone.de/, makes a few models,
but as you can expect, they are expensive. There are probably others,
but I've only used the cryptophone g10+ model.
And just in case you think the baseband isn't fun to
explore and exploit to win contests at security conferences,
https://www.readwriteweb.com/archives/baseband_hacking_a_new_frontier_for_smartphone_break_ins.php
--
Andrew
http://tpo.is/contact
pgp 0x74ED336B
_______________________________________________
liberationtech mailing list
liberationtech at lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
You will need the user name and password you receive from the list moderator in monthly reminders.
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list