The concise answer: the only sure-fire way to use cellular network resources securely is with a simple cellular WiFi hotspot and a secure non-cell computer. Cell phones are irreparably fucked, but not because of this.
(TL;DR: cell phones are likely hardware backdoored; stingrays are likely collecting much more than is publicly acknowledged. Supporting info links below.)
Bear with me and I'll try to explain, while properly pointing out what is speculation and the (I believe reasonable) rationale for it.
SIMs include a baseband co-processor and firmware, but all cell phones have baseband processors/firmware even if the SIM is built in.
Baseband is a functioning computer processor/firmware system that operates below, and independently of, any other software on a cell phone.
Baseband firmware is proprietary, closed source, and extremely difficult (in some cases impossible) to audit/reverse engineer.
There are only a handful of producers of baseband processors and firmware. Qualcomm (the makers of the Samsung baseband where the backdoor was discovered) alone has more than 70% of the market.
Baseband resources cannot be accessed through the main system (its actions/functions are mostly hidden from any user-auditable view).
Conversely, baseband has full access to the phone storage and main system RAM. Consequently it has unfettered authority over all system resources.
I've read the rumour (often stated as fact) that some systems provide meaningful isolation of baseband, but have yet to find ANY. Not even Blackphone claims baseband isolation, and surely they'd be screaming it from the treetops if they had it.
It's been almost a year since the baseband backdoor stories came out and literally NO company has come forward to say "hey, that doesn't apply to us because we properly isolate baseband." I therefore speculate that all phones are compromised in this manner, and that it's by intentional design. Whether this can be called a 'back door' is semantically somewhat debatable, but it is undeniably capable of achieving the same functionality as a back door through exploitation of standard operational capabilities and trusted authority... see the various articles and the YouTube Black Hat vid posted below; they explain it better than I can. The phone company has authority over baseband, regardless of whether the keys have been compromised.
Any and all active encryption keys can easily be scraped from main system RAM, likely in an automated fashion...
Because of this, the promise of ANY "secure" encryption on cell phones, even with keys never in third-party hands, is nothing more than marketing hype and misleading gov co-intel propaganda. As long as the phone is booted up, the keys can be scraped from RAM by anyone with control of the baseband. Shutting down the phone doesn't stop this, as the phone doesn't actually shut down unless you pull the battery. Once keys are compromised, FDE is worthless even if the phone is shut down.
So... if you're following, the subtle context of that story isn't about how the gov stole previously unavailable access to cell phones; it's about how they got access without manually hacking each phone (tedious, time consuming, resource limited) or going through the phone company for access (toll booth service, resource limited, may create an audit trail). But it speaks volumes on why there is now such a huge market for stingray devices... (unlimited spying, likely better capabilities, and perhaps most importantly, no audit trail of questionable or outright illegal actions)
No offence to the magnificent iconoclast Greenwald intended; it's not proper for journalists to speculate as far as I am now, reasonable or not. This stuff has been properly suppressed, presumably with co-intel, as one may discern by reading articles claiming 'no backdoor' and comparing them to more legitimate technical sources; there's a waft of something one gets familiar with when reading stuff like this... It's not covered in mainstream sources, the facts don't add up, questions are left unanswered, hands are waved, and the media's beloved FUD is suspiciously set aside... nothing to see here, carry on.
...look into the massive success/growth of the Harris Corp and other stingray manufacturers. Why?
What do stingrays offer that isn't available from intercept equipment at the phone company itself? What justifies this very expensive purchase? They put them on planes and fly them around constantly; what justifies this absurd expense? Is it realistic they'd do all this just to collect IMSI and ESN numbers from a given location, or even random conversations, or even to opportunistically hack people in real time? I've read BS about tracking individual threats, but wouldn't that be easier just using the phone company resources and paying their bribe?
I therefore suspect these stingrays are collecting much, much more than is currently acknowledged; they're collecting a quality and quantity that authorities don't want the telcos to know about. Things so invasive that they would be considered at least controversial by even the most pro-authoritarian and surveillance-state supporters... and the baseband hole is the key to this all. I'd speculate passwords, encryption keys, file index, known APs, full contact list, web history, app data, email, SMS history, photo geo-tags & thumbnails... literally any and everything that can be found in a known memory location and downloaded in the time/bandwidth available; most of it is small and could be downloaded very quickly.
ASLR, you say? Is the index in a known position?... Is that open source and verified? I honestly don't know; I doubt it's a realistic mitigation to this level of compromise though; at best it would slow it down slightly.
Call me a tin hat, I could use a good laugh; the phrase is now misused so often it's all but lost meaning. Better yet, explain why I'm wrong, or likely wrong, or maybe wrong, and make my day, because dog knows I don't want to believe this shit... what else could it be? Why are federal marshals literally so concerned with covering up stingray use documentation that they will go seize it to stop a legal court-ordered subpoena???
IMSI and ESN collection? Bullshit, there must be more to it. It's speculation, but I'd bet money these stingrays are using automated collection hacks exploiting baseband, sucking up as much data as possible for use to seed parallel constructed criminal cases.
https://www.techdirt.com/articles/20140 ... aclu.shtml
For reference to the baseband hole see:
http://www.osnews.com/story/27416/The_s ... bile_phone
http://www.extremetech.com/computing/17 ... e-insecure
Also see:
https://www.fsf.org/blogs/community/rep ... y-backdoor
note the line at the end...
"but if the modem can take control of the main processor and rewrite the software in the latter, there is no way for a main processor system such as Replicant to stop it. "
Yeah, unfortunately that's exactly how this works... with RAM access you can change any system software.
Also see:
http://www.youtube.com/watch?v=fQqv0v14KKY
https://anonymous-proxy-servers.net/blo ... em....html
https://news.ycombinator.com/item?id=7388547
https://www.usenix.org/system/files/con ... inal24.pdf
https://together.jolla.com/question/379 ... -baseband/
https://blog.torproject.org/blog/missio ... nd-privacy
Tor labels Android security as "mission impossible". They don't even bother to attempt to secure a device with a cellular modem. As someone who tried and gave up on going full AOSP and having authority at least over the 'visible' system via similar means as this article, I have to concur; it's pointless. After hundreds of hours experimenting, tinkering and tweaking, I eventually came to the conclusion Google doesn't want, and never intended, Android to be secure. Every single time I updated to a newer version of Android, they'd broken something security critical, always in a way that wasn't immediately apparent, and with no reasonable explanation in sight as to why (permissions, iptables, zombie logs, and nonsensical sandboxing changes/issues from what I recall; this was years ago...). It got to the point where I wouldn't update, because I just knew they were going to break something, and it would be weeks or months before people smarter than me figured it out and fixed it. I was a power user, stripped down with a minimal AOSP ROM, FDE, F-Droid, iptables, OpenVPN, Xposed, system services userlanded & fine-grain perm kneecapped. Briefly I felt very confident, but then every time I dug deeper I was still finding security issues and errant behaviour. Intentional or not, at the time Android seemed like a very security/privacy-hostile ecosystem; I seriously doubt it's improved since... and Apple? Just Startpage 'apple backdoor' or 'apple spying' for numerous foul examples.
So... fuck cell phones. I threw away my expensive spy device "smart" phone and now have a dumb, no-feature cell phone for emergencies; the battery is usually out of it. ting.com, $6 a month. If I need a mobile network, I use hotspot WiFi and a proper FOSS Linux or BSD computer. If I don't have final authority over a device I don't consider it something I own, and I'll be damned if I'm going to knowingly pay for my own surveillance/violation.
I imagine it's a great money maker, and perhaps some VPN duct tape on the screen door of the submarine security nightmare that is Orwell's Telescreen, a "smart" phone, keeps most of the surface mist out... But CS would gain a hell of a lot of respect from me (my already massive respect doubled) if they'd just drop support of mobile clients. Or at least make people eminently aware of how dire the security situation with cell phones really is, i.e. common casual 'install a hundred apps from the app store' usage on a stock ROM is 10,000x more dangerous than standard desktop OS use, and a phone can potentially compromise every other device you interoperate with. USB, Bluetooth, and SD cards are assumed completely trustworthy by nearly all computers; they can easily pass viruses and such... You don't need any speculation to show that, and none of it is theoretical. These devices just aren't designed for security/privacy; the way things are going, they never will be.