Hi,

On Wed, Dec 10, 2014 at 01:06:44PM +0100, Garreau, Alexandre wrote:

> Replicant is supported by only some phones, not always completely, and
> I know only one or two phones are really acceptable: others give to
> the detached and proprietary modem the control on CPU, RAM, IOs, etc.
> and hence is not secure (especially in the post-Snowden era: NSA can
> take the complete control of phone only by sending microwaves on the
> phone).

This is a somewhat academic threat IMHO: while it's certainly true that such a hardware design could be used for spying in theory, I don't believe it's realistic to do mass surveillance this way -- especially when your device is running non-standard software. It could be used for targeted attacks against high priority subjects -- but if you think you might be among these, you shouldn't use mobile phones at all...

> I mean, with free software, you're getting a phone more secure than
> most of presidents, dictators and kings/queens on Earth, that's
> amazing! :p If Merkel used that, she wouldn't have made spying of
> German state possible x)

Actually, it was "only" her party phone that was snooped upon, which was an ordinary off-the-shelf phone. The official "state" phone is a special solution that uses an encrypted data channel for communication; and I'm pretty sure the firmware can't be upgraded over the air...

The attack on an ordinary GSM phone doesn't require any kind of access to the actual phone. GSM voice connections do not allow end-to-end encryption -- and the GSM protocol is so insecure, that anyone with the right equipment can snoop upon any phone in the same cell. (Or even beyond? Don't remember the details...) Also, any GSM call can be snooped upon if the attacker has access to the backbone network, which was probably the case here.

Free software on your phone won't save you from this -- even if you had free modem firmware.

-antrik-
