[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tor-talk] How safe is smartphones today?



On Thu, Apr 3, 2014 at 3:10 AM,  <[email protected]> wrote:
> ...
> That made me wonder. What are the risks involved using a Tails PC and
> getting online through a 3G clean Android smartphone with no apps
> installed or Google accounts activated tethered through USB?

as long as you assume the 3G link is as trustworthy as your
neighborhood open wifi, you're fine.

i can tell you that i've had malware sent down a 3G pipe to a tethered
target just as you might except on any other hostile network.


incidentally, this tethered mode is how i prefer to communicate:
1. a front-end sacrificial/signalling device to indicate a threat
level and carry traffic. (hotspot puck, 3G phone, CPE router, etc.)
2. a packet inspecting host to passively monitor for anomalies and
respond to emergencies. (emergency zeroisation+filtering)
3. the actual communicating device containing keys and terminating
sessions. further hardened by defense in depth.

for any decent attacker, mobile platforms are just fucked.  sorry!
this is true until you can implement an entire isolated SDR stack;
even opaque wifi blobs are fail.
 [i've stated my preference for various software defined radio setups
before, omitted.]



> Or better yet: who can see what?
>
> I read the hardware is rigged (Samsungs), you wrote about the software
> being rigged (the ability to remotely install apps), and surely the
> phone company can do a lot of tricks from the early days of GSM. So is
> it crazy to route Tor traffic through such a gateway?

it's fine to route traffic over such a device as long as you assume
the attacker is also watching and able to inject into your traffic
over said gateway :)
this means you run Tor on a different device, not the phone itself.


last but not least, regarding the "Mission Impossible: Hardening
Android for Security and Privacy"
 https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy

i have found the following techniques useful in the past against
advanced attackers:

0.) rootkit Android kernel to trap and notify|block syscall use by
user-id and process-id.  anomalous calls by a privileged processes or
users is a great signal of compromise.

1.) monkey patch Android API in every dalvik runtime for specific
calls of interests that should not be granted. this caught the
"Android Master key" vuln in practice as an updated app was behaving
way out of permission and expected profile.

2.) deploy camouflage guacamole to feign vulnerability to various
techniques and then use exploit attempts to signal presence of an
adversary of identified capabilities.

doing the above on a reference Nexus 7 platform left as exercise for
the reader, *grin*


best regards,