Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] hardware options for a computer phone, not a mobile phone...

John Case case at SDF.ORG
Sun Sep 30 08:24:45 PDT 2012


I'm interested in finally responding in some ways to the vulnerabilities 
and privacy implications of the mobile phone and its networks.  For my own 
comms, that is.

In addition to the problems with privacy and tracking, I am also worried 
about problems at lower layers - like rogue BTS abusing my radio to 
exploit the phone.  We first saw real evidence of this at defcon 2-3 years 
ago when there was a rogue BTS attempting android exploits (see coderman 
posting to cypherpunks around that time).

I think there are two broad strategies to pursue here.  The first is the 
obvious one - a totally open, free software firm, from layer 1 all the way 
up.  The major problem with this strategy is that it is a long way off 
from existing - osmocombb still barely has a working model of a phone that 
can place an actual call, and this is ONLY on a very limited chipset that 
is 2G only, and voice only.  It appears that osmocom is moving forward in 
a lot of ways, but they are not graduating to other, or better chipsets 
(ie., to 3G, and to fast data) - and even if they were, we're years and 
years away.

But there's another strategy that has all of the components already in 
existence, and that is to use a handheld computer that *happens* to 
contain a GSM or CDMA *module* (or both) in addition to WIFI.  With this 
setup, you can behave as a SIP device (using WIFI as much as possible) for 
all calls - you never make a call, or perform any action using the phone 
network directly.  All phone activity is tunneled through SIP/VOIP to your 
own server at a fixed datacenter, where you have either a hosted SIM in a 
pci card, or you have a POTS uplink.

This is very appealing because it means that most of the time (depending 
on where you live) you are just using WIFI.  When you are forced to 
failover to (for instance) GSM, you are using a very, very simple, modular 
modem that you can easily control (ifconfig xx0 down) and that caontains 
an anonymous, prepaid SIM.  You don't care about the number, or the ID, or 
about any of the contraints of prepaid SIMs, since you just need network 
access.

>From the outside world, all calls come from the same fixed point, no 
matter where you are in the world.  Further, if you have colocation, you 
control that fixed point.  Finally, while you don't have total layer 1 
control over the GSM modem, you do have *some* control over it - you can 
ifconfig it down, you can disable it, you can *physically remove* it, and 
presumably you can interact with it in much more profound ways, since its 
a modular modem inside of a unix system you control (your handset).

So the question ... what is the handset ?

If a handheld linux computer (archos ?  old compaq ipaq ?) wasn't designed 
as a mobile phone, it won't have speaker at the ear and mic at the mouth 
as you would expect, so that's difficult.  OTOH, if you use a handheld 
computer that was designed as a phone, you have a problem with the tight 
integration of the mobile modem with the device, and you lose some control 
over the modem and its attack vectors (although if you are running a 
completely open OS, perhaps not ?)

I am looking at some of the later HP Ipaq models, like the HP Ipaq 910c, 
which has GSM built in (it's a phone) ... honestly, I'm at a loss - I know 
all about modern phones like nexus, etc., which will not fit here, and I 
know all about modern android-based handheld devices like nook and kindle 
fire and so on ... but who makes a handheld, phone sized (not tablet 
sized) linux capable computer that I can easily insert one or more mobile 
modems into ?

Since all we need is a linux computer, perhaps other devices, like a mp3 
player (as long as it has a SD card for a modem) would work ?

Comments / advice appreciated ...



More information about the liberationtech mailing list