Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption

Eugen Leitl eugen at leitl.org
Fri Sep 13 02:04:14 PDT 2013


On Fri, Sep 13, 2013 at 06:39:35PM +1000, Erik de Castro Lopo wrote:

> Yes, but Firefox OS and Cryanogenmod only control the user facing part
> of the smartphone. Loading eg Cryanogenmod onto a android phone leaves
> the software running the radio part of the phone untouched (otherwise
> the phone would never have passed the regulator auhorities). The second
> link I posted reported a vulnerability in that software. Secondly
> these phones connect to the cell phone network and you and I have no
> tools to examine what happens on that network.

Baseband processors leave the system wide open to all kind of attacks.
Countermeasure would be running the 2G/3G/4G stack in an open
source SDR radio, or using an open source VoIP device that connects
by WLAN to a MiFi, which is considered part of the untrusted
Internet.

The open source WLAN VoIP handset is more difficult than it appears.
In practice you'll have to use e.g. Jitsi with an USB headset on a
portable computer. Not exactly painless, and it opens you up to
system compromises.

If anyone is aware of suitable dedicated hardware, I'd be thankful
for pointers.
 
> Compare this with a laptop. If you buy a new laptop and are sufficiently
> paranoid you can use widely available software tools to monitor all
> network connections from that laptop to the wider internet.
> 
> > My threat is from the local governmental goons and their smarter
> > colleagues in the government controlled telco, who will surveil my
> > calls, SMS, and e-mail.
> > 
> > If I can use any tool to protect myself from them, isn't it worth seeing
> > that tool exist?
> 


More information about the liberationtech mailing list