Nobody’s Cellphone Is Really That Secure

Discussion in 'mobile device security' started by mood, Oct 28, 2018.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,472
    Bruce Schneier:
    Nobody’s Cellphone Is Really That Secure
    October 26, 2018
    https://www.theatlantic.com/technol...esident-trump-and-cell-phone-security/574096/
     
  2. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    Now if only Google/Essential/Nokia decided to launch a cheap(ish) security oriented phone with monthly updates, this problem could go away just a little bit :)
     
  3. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,112
    Location:
    Slovakia
    There are still many new dumb phones being made, mainly because they are cheap and the battery lasts "forever". I have Samsung E1150 with 1MB memory, the battery lasted almost 6 weeks at one charge, now it is only 2 weeks tops. I am currently thinking about an upgrade, something new like "Sencor Element P008V" ($20), French Pelitt ($25) or Swiss Swisstone ($50). :D
     

  4. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    And how secure are those phones exactly? For the president or other important people, E2EE is a requirement.
     
  5. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,112
    Location:
    Slovakia
    It is obviously not worth much, since US president has the most secure phone in the world and yet he admits, that it is being routinely eavesdropped. Less features/memory = more security.
     
  6. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    Is his personal cell the same phone that he calls government leaders with, though?
     
  7. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,112
    Location:
    Slovakia
    Well in the end, it does not really matter, what security one has on his phone, when he calls using insecure lines to someone using a secured phone.
    They would have to use a real E2EE, but Germans are not going to trust US software and vice versa, so in the end, they are all using normal smartphones.
     
  8. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    And the award for dumbest statement of the day goes to...
    New mitigations are inherently new features, they provide more security.
    Virtualization and sandboxing inherently use more memory, they both provide more security.

    If you think using a dumbphone (with software written during a time when developers didn't even think about hostility) stuck on the easily hackable 2G network is how you gain security then clearly agencies like the NSA are doing a good job with their propaganda.
     
  9. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,112
    Location:
    Slovakia
    Someone should read the article again, all those security mitigations did not help, yet ignoring the obvious. Besides dumbphones are still being made, with the new software.
    NSA actually does not want you to use dumbphones. So keep using your ultra secure easily hackable smartphone (simply by sending a packet, a spoofed image or URL).
     
  10. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Oh no! Let's throw them all away then because they are clearly all useless for everything!
    Maybe you should read *your own post* again, where you tried to tell us that these security mitigations (features) make things worse.
    If you don't understand a topic, don't mislead people. :argh:

    Show me the evidence of this "new software" that's so great to keep these dumbphones secure. :rolleyes:

    NSA does not want you to use dumbphones because they run on the 2G network which can be hacked by anyone for $100. Yes, the NSA does put out good advice, when it is in their best interest.
     
  11. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    You're a funny guy. This is from the article:

    This seems the most realistic way to hack Trump's personal phone and using a 2G phone does absolutely nothing to prevent that. The article itself even says these passive ways are the most likely option for China and Russia, since all hell would break loose if they were caught having installed malware on the President's phone.
     
  12. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,112
    Location:
    Slovakia
    Exactly what I said, there is no point trying to secure the endpoint as long as the line is insecure. Dumbphone is fine for regular calls and smartphone for everything else (texts, photos, secure calls).

    Sure just install AV and be protected, that is your general advice. Good luck with that, that sure helps against ransomware and hackers, oh wait, never mind. :)
     
  13. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    Which is precisely why things like iMessage come in real handy on smartphones. They are secure by default. A lot more secure than using regular phone calls, even if they are "American".
     
  14. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,112
    Location:
    Slovakia
    Indeed, if only politicians would listen to IT guys, they could have really secure calls, let's say using open source apps (like Tox), but they can not even agree on simpler things. :rolleyes:
     
  15. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    PLEASE stop misleading people with things you know nothing about. You 100% SHOULD secure the endpoint and the start point NO MATTER what malicious entity is in the middle.

    In fact, that's exactly what you should assume the internet is right now. The entire point of pushing everyone to HTTPS is the assumption that you cannot trust anything between you and the end point. That's exactly what E2E solves.

    Exactly this. You're securing yourself against the malicious middle.

    Oh, now you agree that you need to use secure apps? LOL!

    Don't flat out make up lies. Quote where I said that.
    This entire debate I've been talking about mitigations and you just pull that nonsense out of thin air.
    Clearly intellectually dishonest... or maybe you actually think software mitigations == AV? Wow, I hope not. :eek:
     
  16. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,129
    Location:
    USA
    My old flip (dumb phone) ain't half bad -- and still does what I need it to do. :argh:
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,513
    Location:
    Among the gum trees
    Was this supposed to be a secret or something?
     
  18. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    744
    That's right. The problem is not the devices which, unlike what Schneier says (I highly respect the man) can be made very secure but need some serious technical know-how and time.

    The problem is the networks and that many devices still use or can be fooled to use (stingray) weaker (like A5/1 or even weaker A5/2) encryption or even no encryption at all (A5/0)!

    For normal consumer to have any chance at all to have secure communication the phone should be locked to 4G band and plain refuse any attempts by any tower to ask it to downgrade below it.

    After that, consumer should make sure that as much extra crap as possible is removed from the phone, latest OS updates of course, and all the data/voice/sms is done only through app that supports end-to-end encryption (and it wouldn't hurt if had some vpn and/or orbot installed too).
    Brave ones owning android could also consider some security enhanced open source version of the firmware....(just know that it voids the warranty and has chance to brick your device...)

    Oh, and if possible, never buy any phone made in China.... :D

    After those changes, it's not unhackable but much more difficult target....
     
  19. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    590
    Location:
    Germany
    That'd be just crazy! They're not: https://electrospaces.blogspot.com/2017/02/trumps-beautiful-oval-office-phones-and.html
    and https://electrospaces.blogspot.com/2018/09/trumps-telephones-in-treaty-room.html
    and more
    https://electrospaces.blogspot.com/2017/11/trumps-communications-equipment-outside.html

    The article here is about his "personal cellphone". He is obviously trained to never make any important calls or things with his private smartphone.
     