[liberationtech] Mobile Phone Security
liberationtech at lewman.us
liberationtech at lewman.us
Sun Jan 8 19:30:58 PST 2012
On Sun, Jan 08, 2012 at 04:44:34PM -0500, gsistare at gmail.com wrote 2.9K bytes in 85 lines about:
: Considering this, which mobile phone
: providers and manufacturers remain the most secure? It seems like
: the numbers are dwindling, and the user-end side of things is
: becoming more uneasy.
Roughly zero if your threat model involves a government. All cell
phones have two operating systems, one is the baseband for managing
communications with the cell towers and signal processing, the other is
the one for the humans. The baseband has 'lawful intercept' built in to
appease western governments, at least.
I'm not sure to which OS the slashdot story
refers, but here's a crash course in iphone's OSes,
http://www.ihackintosh.com/2009/07/difference-between-iphone-baseband-bootloader/.
And here's a quick presentation on what the
baseband OS, or firmware, does in a 3G phone,
http://bwrc.eecs.berkeley.edu/seminars/Seminars_Archive/Sriram-9.15.00/3G_Cell_Base_Desgn.pdf.
For an example of the details, the osmocombb project,
http://bb.osmocom.org/trac/, is trying to write a completely free
baseband stack for cell phones. They have some pretty good details and
presentations on the hardware hacking involved in re-writing the baseband
from scratch.
As for actually secure phones, from the baseband through the user
interface, Cryptophone, http://www.cryptophone.de/, makes a few models,
but as you can expect, they are expensive. There are probably others,
but I've only used the cryptophone g10+ model.
And just in case you think the baseband isn't fun to
explore and exploit to win contests at security conferences,
https://www.readwriteweb.com/archives/baseband_hacking_a_new_frontier_for_smartphone_break_ins.php
--
Andrew
http://tpo.is/contact
pgp 0x74ED336B
More information about the liberationtech
mailing list