Gribblenet.xyz


Cellphone Nightmare Pt. 1


2023-09-04

Cellphones are a Privacy Nightmare Part One

Cellphones, especially smartphones, are a privacy and, to a lesser extent, a security nightmare. In this series of posts I will cover the privacy and security issues associated with cellphones and the ways that they can be avoided and mitigated.

Things you can’t avoid:

Wiretapping - Depending on the country you live in, this is not that big of a deal/threat; basically, you have to be doing something illegal and law enforcement has to meet some burden of evidence to get a warrant (Note: this is very dependent on what jurisdiction you live in; some countries have a very high threshold for wiretapping and others do not). Most Western countries have some form of privacy laws in place to prevent cell providers from listening in on your phone conversations or reading your text messages.

The IMEI - Every mobile phone has a unique identifier that is hard-coded into the baseband modem and can’t be spoofed.

SIM cards - Only two companies in the world make SIM cards for phones and there are no open-source options for SIM cards. Not having an open-source option means there is no way to independently verify that there is no malicious code in the SIM card, injected either by a disgruntled employee or by a state-level actor. This can be solved by removing the card; some privacy-focused phones have either hardware or software kill switches built into them to turn off the SIM card.

Baseband modem - This is the piece of hardware that connects your phone to the cell towers, and it has its own separate CPU and firmware that is not open-source. So malicious code, as with the SIM cards, can be injected into it, allowing for a back door into your phone. Privacy-focused phones will have either software or hardware kill switches built into the phone to turn off the phone.

Zero-Day Attacks - Any kind of unknown exploit could be lurking in your phone that no one knows about. Hackers and state-level actors spend a lot of time and money trying to find these exploits. However, this is not limited to cellphones; every single computer and piece of networking equipment can potentially have some kind of unknown software or hardware exploit in it.

Other issues:

SMS - Text messages are very insecure because they are unencrypted, and your cell provider may or may not store them after they are sent to your phone. You’re also at the mercy of how well the provider secures its network and cellphone towers (i.e. keeping people from gaining physical access to towers and networking equipment), and text messages are very vulnerable to man-in-the-middle attacks. This is also why 2FA through SMS is not very secure, and why sending credit card or Social Security numbers over SMS is a bad idea. This can be mitigated by using end-to-end encrypted messaging applications that are open source, such as Signal or Jami. However, E2EE apps will not save you if you install random apps with malware, or if some hacker uses a zero-day attack to gain access and install malware on your phone. For 2FA you can use authentication apps.

Telemetry Sensors - Most smartphones these days come with a bunch of sensors to collect telemetry, such as GPS, compass, G-force sensors and barometers. This is why turning off GPS and putting the phone in airplane mode will not stop apps from tracking you. Some apps will continue to collect telemetry while the phone is disconnected from the internet and upload the data when the phone is re-connected to the internet.

Wi-Fi scanning\tracking - Wi-Fi scanning\tracking is when your phone triangulates your position by scanning for any Wi-Fi router that is broadcasting near you and looking up its MAC address and GPS coordinates in Google’s or Apple’s database. The Google Street View car does more than take pictures of your neighborhood; it’s also actively scanning and collecting information on every Wi-Fi router in the neighborhood and recording their GPS coordinates, not to mention that any of the GAPPS (especially Google Maps) on your phone are probably doing the same.

Bluetooth and Bluetooth Low Energy - Bluetooth and Bluetooth Low Energy are being used to track your position. Two examples of this are the Covid-19 contact tracing apps and Apple’s AirTags. A tracking app will use Bluetooth to passively ping the Bluetooth on everyone’s phones and the Bluetooth devices around you, recording the MAC address of each phone’s Bluetooth and then comparing it with other metadata, effectively creating a mesh tracking network.

GAPPS (Google Applications and Services) - All off-the-shelf Android phones come with Google apps installed on them. You can only disable them (even then some of the applications can’t be disabled, like Google Play Services), but cannot completely remove them without rooting and installing a degoogled version of Android, and you can only do that on certain phones. The Google Play Store forces you to sign in using a Google ID to be able to download apps (there are ways around that). I have done tests to see if disabling and restricting permissions will stop GAPPS from sending data to Google. I set up a DNS server (Pi-hole) in a VM, then directed my router to send all DNS queries to my own server and then connected my smartphones to my network. When I checked the DNS logs on my server I found out my phones were still sending DNS requests to Google despite having all GAPPS disabled. This was more than just Google Play Services (the only app I could not disable) checking for updates, as two of the addresses were known Google analytics and trackers.
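The DNS-log check described above can be repeated with a short script. This is an added example, not code from the original post; it assumes the default dnsmasq query-line format that Pi-hole writes, and the watchlist, phone IP addresses and sample log lines are constructed for illustration (the post does not name the domains it saw).

```python
import re
from collections import defaultdict

# Default dnsmasq query line as written to the Pi-hole log, e.g.
# "Sep  4 10:15:01 dnsmasq[812]: query[A] example.com from 192.168.1.50"
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[[^\]]+\] (?P<name>\S+) from (?P<client>\S+)$"
)

# Assumed watchlist of tracker/analytics domains (not taken from the post).
WATCHLIST = ("google-analytics.com", "doubleclick.net")


def matches_suffix(name, suffixes):
    """True if name equals a suffix or is a subdomain of it (label-aligned)."""
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in suffixes)


def summarize(lines, clients, watchlist=WATCHLIST):
    """Count watchlisted lookups per (client, domain) for the given client IPs."""
    hits = defaultdict(int)
    for line in lines:
        m = QUERY_RE.search(line.strip())
        if not m or m["client"] not in clients:
            continue  # not a query line, or not one of the phones under test
        if matches_suffix(m["name"], watchlist):
            hits[(m["client"], m["name"].lower())] += 1
    return dict(hits)


# Constructed sample log lines (not from the post).
SAMPLE_LOG = """\
Sep  4 10:15:01 dnsmasq[812]: query[A] www.google-analytics.com from 192.168.1.50
Sep  4 10:15:01 dnsmasq[812]: forwarded www.google-analytics.com to 9.9.9.9
Sep  4 10:15:02 dnsmasq[812]: query[AAAA] play.googleapis.com from 192.168.1.50
Sep  4 10:15:03 dnsmasq[812]: query[A] notgoogle-analytics.com from 192.168.1.50
Sep  4 10:15:04 dnsmasq[812]: query[A] stats.g.doubleclick.net from 192.168.1.51
Sep  4 10:15:09 dnsmasq[812]: query[A] www.google-analytics.com from 192.168.1.50
Sep  4 10:15:11 dnsmasq[812]: query[A] www.google-analytics.com from 192.168.1.77
""".splitlines()

PHONES = {"192.168.1.50", "192.168.1.51"}  # assumed IPs of the phones under test

if __name__ == "__main__":
    for (client, name), count in sorted(summarize(SAMPLE_LOG, PHONES).items()):
        print(f"{client}  {name}  {count}")
```

A log like this only shows lookups that actually reach the Pi-hole; a device or app that uses DNS-over-HTTPS or a hard-coded resolver will not appear in it.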

Applications your cellphone’s manufacturer puts on your phone - This is the same issue as with GAPPS: you can’t completely remove the applications from your phone, only disable them, and even then there are some applications you can’t disable. These include pre-installed social media applications such as Facebook and Instagram that could only be disabled; however, I did not see any Facebook or Instagram show up in my server’s DNS logs.

Applications you install - Apps you install are notorious for collecting telemetry and data from your phone, usually for the purpose of selling your data; social media apps are notorious for this. Even apps that claim not to collect your data or sell it have been caught on several occasions selling user data. For example, the Tim Hortons coffee app was found to be collecting more user data than they claimed they were collecting.


Copyright 2022-2024 Gribblenet.xyz