[liberationtech] hardware options for a computer phone, not a mobile phone...

John Case case at SDF.ORG
Sun Sep 30 08:24:45 PDT 2012 

I'm interested in finally responding in some ways to the vulnerabilities  
and privacy implications of the mobile phone and its networks.  For my own  
comms, that is.

In addition to the problems with privacy and tracking, I am also worried  
about problems at lower layers - like rogue BTS abusing my radio to  
exploit the phone.  We first saw real evidence of this at defcon 2-3 years  
ago when there was a rogue BTS attempting android exploits (see coderman  
posting to cypherpunks around that time).

I think there are two broad strategies to pursue here.  The first is the  
obvious one - a totally open, free software firm, from layer 1 all the way  
up.  The major problem with this strategy is that it is a long way off  
from existing - osmocombb still barely has a working model of a phone that  
can place an actual call, and this is ONLY on a very limited chipset that  
is 2G only, and voice only.  It appears that osmocom is moving forward in  
a lot of ways, but they are not graduating to other, or better chipsets  
(ie., to 3G, and to fast data) - and even if they were, we're years and  
years away.

But there's another strategy that has all of the components already in  
existence, and that is to use a handheld computer that *happens* to  
contain a GSM or CDMA *module* (or both) in addition to WIFI.  With this  
setup, you can behave as a SIP device (using WIFI as much as possible) for  
all calls - you never make a call, or perform any action using the phone  
network directly.  All phone activity is tunneled through SIP/VOIP to your  
own server at a fixed datacenter, where you have either a hosted SIM in a  
pci card, or you have a POTS uplink.

This is very appealing because it means that most of the time (depending  
on where you live) you are just using WIFI.  When you are forced to  
failover to (for instance) GSM, you are using a very, very simple, modular  
modem that you can easily control (ifconfig xx0 down) and that caontains  
an anonymous, prepaid SIM.  You don't care about the number, or the ID, or  
about any of the contraints of prepaid SIMs, since you just need network  
access.

> From the outside world, all calls come from the same fixed point, no 
matter where you are in the world.  Further, if you have colocation, you  
control that fixed point.  Finally, while you don't have total layer 1  
control over the GSM modem, you do have *some* control over it - you can  
ifconfig it down, you can disable it, you can *physically remove* it, and  
presumably you can interact with it in much more profound ways, since its  
a modular modem inside of a unix system you control (your handset).

So the question ... what is the handset ?

If a handheld linux computer (archos ?  old compaq ipaq ?) wasn't designed  
as a mobile phone, it won't have speaker at the ear and mic at the mouth  
as you would expect, so that's difficult.  OTOH, if you use a handheld  
computer that was designed as a phone, you have a problem with the tight  
integration of the mobile modem with the device, and you lose some control  
over the modem and its attack vectors (although if you are running a  
completely open OS, perhaps not ?)

I am looking at some of the later HP Ipaq models, like the HP Ipaq 910c,  
which has GSM built in (it's a phone) ... honestly, I'm at a loss - I know  
all about modern phones like nexus, etc., which will not fit here, and I  
know all about modern android-based handheld devices like nook and kindle  
fire and so on ... but who makes a handheld, phone sized (not tablet  
sized) linux capable computer that I can easily insert one or more mobile  
modems into ?

Since all we need is a linux computer, perhaps other devices, like a mp3  
player (as long as it has a SD card for a modem) would work ?

Comments / advice appreciated ...
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list