[tor-talk] How safe is smartphones today?

[anonymous coward]

Hello again,

I hope this question is not totally off topic!

Many people use TOR or secure ways to chat on smartphones.

The last months have reveiled how hard secret services attack our phones.

This leads me to the question, how secure are our smartphones at all?

In my case I use Android 4.x.

How easy is it for "them" to break into a smartphone?

Do they really need to install trojan software or does Google and Apple
allow them full access to users phones?

My special concern is about the baseband CPU. The baseband potentially
allows full access to the whole system. And the baseband is closed source.

Thus, the baseband is the perfect trojan for "them". I asked a phone
maker that makes "cryptophones" what they say about the baseband CPU as
a backdoor. They did not reply to the present day.

If it really is that simply for "them" to break into a smartphone, all
the security apps are worthlesse. Be it TOR, ChatSecure, TextSecure,
RedPhone, everything would be crap. "They" could easily steal your
secret keys and contacts.

Thus, what does the scientific community say about these concerns?

Bruce Schneier said "forget your data".

Is it really that simple as Bruce Schneier says, forget your data?

If it was that simple, it would be pointless to use TOR or any software
with security in mind on a smartphone, it simply would not make any sense.

And the worst thing is, the baseband CPU is closed source, even  if you
use open source like Cyanogenmod, you still have the baseband backdoor
on your device and you can do *nothing* about it.

What do you say? The battle seems lost, just as the whole war seems lost?

Thank yours.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20140402/b4b2514b/attachment-0001.sig>