There is apparently no sense of irony in asking us to trust JavaScript from some random place called "PubPub" in order to even view this. Why is it no longer reasonable to expect simple text information on the WWW to be conveyed without requiring JavaScript?
While bunnie is great and this is interesting research, I have a few issues with it:
- Slightly ridiculous threat model (trust should be achieved at the silicon and work its way up, not the reverse). If you don't trust your phone's hardware or software, switch phones. IMHO working towards improving trust and security features is better spent time than trying to shift trust from the phone to the tools you use to monitor and distrust it.
- While journalists are heavily targeted, the research is nihilistic and feeds into fears of 0days. If someone out there has the ability to remotely turn off airplane mode, they aren't going to burn it outside of a WW3-level crisis.
- Re: 'silent phone'. What use is an unnetworked phone? Can't call, email, message, find directions, look up topics, back up recordings. Journalists use phones because they are useful, not because they need to be perfectly secured.
Until we all learn chip design and have in-home fabs, establishing trust from the ground up is impossible. It's correct to pursue a trusted stack, but it isn't incorrect to consider auditing that stack from an external trust anchor.
I love it how people ask rhetorical questions without thinking through what the answers might be, and how those answers might undermine their points.
A few things journalists could do with an un-networked device: take notes, take photos, record audio, record video, show people pictures and other things stored on the phone, look up information that is stored locally, find contacts' numbers and then call them from a different device... the list could go on, but is that not enough?
It's an interesting effort. I don't see a need to diss it, even though the usage scenarios seem a bit arcane.
Yes, true... but notice before your comment my wording was already "un-networked device." I deliberately replaced the parent's terminology with a term that subsumes both phones with networking turned off as well as PDAs, amongst others.
I have used quite a silent phone for years. It's permanently in airplane mode with wifi activated. I can still chat, browse, navigate and so on. It's pretty useful.
Since we cannot secure the silicon, we need other technical means to build up trust. A device like this is a good step in the right direction.
I don't think people with access to hardware or other backdoors would use them only in a WW3-level crisis. It's not unreasonable for journalists to defend against these threats.
> If someone out there has the ability to remotely turn off airplane mode, they aren't going to burn it outside of a WW3-level crisis.
This assertion relies on an assertion that such exploits are so rare as to be priceless.
You might be right that if someone only had one such exploit that they would be very, very cautious about using it. But what if they have a half dozen or so?
The silent portion is useful for moving data into a secure environment. One could argue that a non-networked storage medium is better suited for this task (USB/SD), but the idea is that once you have sensitive data in your possession you can secure it from any type of remote tampering/tracking.
>If you don't trust your phone's hardware or software, switch phones.
Given documented cases of three-letter agencies intercepting electronic devices to install implants, how can anyone realistically trust any phone they buy, ever?
>how can anyone realistically trust any phone they buy, ever?
Trust in the sense of feeling (not knowing) that there is a reasonable chance that the phone might be secure?
Here's how:
Walk into the store and buy it on the spot. And definitely choose your OS vendor wisely... get your phone from a company that has its own stores, controls inventory in those stores tightly, and does not use the customer as its product. This way you at least maximize your chances of being secure. Do not order the phone online, even from the vendor's web site.
Trust in the sense of 100% absolute knowledge that there is no compromise? Realistically, there's no way to know 100.00000%
> If you don't trust your phone's hardware or software, switch phones.
Much easier said than done. If the iPhone's hardware can't be trusted, which other phone can be? In such a situation using something like this actually seems to be the easy route towards hardware security against interception.
There are three really big hardware assurance problems:
0. Trusting any bit of silicon isn't backdoored or buggy.
1. Trusting any opaque binary firmware isn't backdoored or buggy.
2. Having "firewall" level of control of bus device lifecycle not in control of the user action and/or system policies.
We need more peripheral firewalls, external firmware imaging IDS/IPS like this project and depotting open-source chips that can be functionally OCR'ed under xray/microscope.
With prices for some iPhones reaching $1,000, is security based on iPhones still a realistic solution for the general public? Should privacy depend on wealth?
I'd say it's more the other way around; privacy depends on obscurity. The less conspicuous you are the less you'll stand out among all the 8 billion people on the planet.
http://archive.is/0sxuT
https://www.pubpub.org/pub/direct-radio-introspection