[tor-talk] How safe is smartphones today?

Graham Todd gct7photography at gmail.com
Fri Apr 4 16:06:15 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Hello again,
> 
> I hope this question is not totally off topic!
> 
> Many people use TOR or secure ways to chat on smartphones.

This begs a few questions:

Is TOR secure with smartphones (or any we in the UK call mobile phones)?

What other secure ways to talk are there?

Is the poster meaning "TOR or secure ways to chat", or that TOR is not
secure?
> 
> The last months have revealed how hard secret services attack our
> phones.
> 
> This leads me to the question, how secure are our smartphones at all?

For what it's worth, Richard Stallman has said they are not secure and
for that reason he won't own one and doesn't. It has long been known
they have the capacity for surveillance and recent NSA/GCHQ revelations
have disclosed their capacity for mass surveillance. I think it almost
certain that the "spooks" can listen in to telephone calls if they wish
to; what's a matter of greater conjecture is the ability to track each
phone as it moves from receiver tower to receiver tower while the phone
is "live".
> 
> In my case I use Android 4.x.
> 
> How easy is it for "them" to break into a smartphone?

Very easy.
> 
> Do they really need to install trojan software or do Google and
> Apple allow them full access to users' phones?

I'm not sure that they install trojan software but I am sure they have
taken steps to ensure that the hardware will always include methods
of tracking the users while the battery is "on" and live.
> 
> My special concern is about the baseband CPU. The baseband potentially
> allows full access to the whole system. And the baseband is closed
> source.

Precisely. And that is why you should always treat claims about privacy
for the users with a large pinch of salt.

However, mobile phones have a good side.  I have several debilitating
medical conditions that make my holding a mobile phone while away from
home that has a battery a necessity for my well-being. But this is me
being tracked or surveilled with my consent; the problem comes with
tracking and surveillance *without* my consent.
> 
> Thus, the baseband is the perfect trojan for "them". I asked a phone
> maker that makes "cryptophones" what they say about the baseband CPU
> as a backdoor. They did not reply to the present day.

Except it isn't a software trojan, but a deliberate part of its
architecture, part of its design.
> 
> If it really is that simple for "them" to break into a smartphone, all
> the security apps are worthless. Be it TOR, ChatSecure, TextSecure,
> RedPhone, everything would be crap. "They" could easily steal your
> secret keys and contacts.

It might be that the NSA/GCHQ combination has the ability to conduct
mass surveillance, but it chooses not to do so all the time.  But Edward
Snowden's revelations have shown you are essentially correct - at least
for mobile phones.
> 
> Thus, what does the scientific community say about these concerns?
> 
> Bruce Schneier said "forget your data".
> 
> Is it really that simple as Bruce Schneier says, forget your data?
> 
> If it was that simple, it would be pointless to use TOR or any
> software with security in mind on a smartphone, it simply would not
> make any sense.
> 
> And the worst thing is, the baseband CPU is closed source, even if
> you use open source like Cyanogenmod, you still have the baseband
> backdoor on your device and you can do *nothing* about it.
> 
> What do you say? The battle seems lost, just as the whole war seems
> lost?
> 
As far as smartphones are concerned, just disconnecting the battery
would be a better way of getting an untrackable device, and only
using public telephones when you need to make a call. This is not
fail-safe but it will help (unless you are the subject of surveillance
from individuals spying on you).

But don't worry too much: TOR and JAP software are useful ways of
helping to anonymise computers. These programs are surely less
effective than it is claimed; but this doesn't mean they are of no
benefit at all. It simply means that these programs should not be
considered a sure-fire shield, only a help towards that shield.

I don't believe that the war or the battle is lost, but we need more
people to be working on this problem and propose new ways of
attacking the problem.

 --Graham Todd
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlM+2HcACgkQCi6s3a408wlD3QCePjP7NO2Dp0j0vs8+GfGGP/CI
BWQAnj7kVdbdSctisk8mjhUGvwgq5ArR
=LqVg
-----END PGP SIGNATURE-----

