Hi,
On Wed, Dec 10, 2014 at 01:06:44PM +0100, Garreau, Alexandre wrote:
Replicant is supported by only some phones, not always completely, and
I know only one or two phones are really acceptable: others give to
the detached and proprietary modem the control on CPU, RAM, IOs, etc.
and hence is not secure (especially in the post-Snowden era: NSA can
take the complete control of phone only by sending microwaves on the
phone).
This is a somewhat academic threat IMHO: while it's certainly true that
such a hardware design could be used for spying in theory, I don't
believe it's realistic to do mass surveillance this way -- especially
when your device is running non-standard software. It could be used for
targetted attacks against high priority subjects -- but if you think you
might be among these, you shouldn't use mobile phones at all...
I mean, with free software, you???re getting a phone more secure than
most of presidents, dictators and kings/queens on Earth, that???s
amazing! :p If Merkel used that, she wouldn???t had made spying of
German state possible x)
Actually, it was "only" her party phone that was snooped upon, which was
an ordinary off-the-shelf phone. The official "state" phone is a special
solution that uses an encrypted data channel for communication; and I'm
pretty sure the firmware can't be upgraded over the air...
The attack on an ordinary GSM phone doesn't require any kind of access
to the actual phone. GSM voice connections do not allow end-to-end
encryption -- and the GSM protocol is so insecure, that anyone with the
right equipment can snoop upon any phone in the same cell. (Or even
beyond? Don't remember the details...) Also, any GSM call can be snooped
upon if the attacker has access to the backbone network, which was
probably the case here.
Free software on your phone won't save you from this -- even if you had
free modem firmware.
-antrik-