hoodlum's search to secure a mobile phone

hoodlum

Alright guys so if you've read some of my previous posts I do have a bit of nerd inside me at times and if you're up to date with anything from the past few years in terms of communication security and what Snowden brought to light about our government's & major corporations spying on us then you might just realise that there are some major implications for the every-day user and their privacy is being stomped all over constantly, regardless of if you are doing something wrong or have something to hide. I know not many people on here are going to be interested in this and it won't be updated regularly, this log is mainly for anyone that is interested for themselves or anyone that wants to help can be involved.

My goals:
- Create/discover a secure mobile phone solution

Requirements:
- Secure encryption system for stored content
- Secure encryption system for text messages/instant messaging
- Secure encryption system for emails
- Independent code review available
- Free from backdoors (both software and cryptography standard)

Ideal:
- Secure encryption for calls
- Forced call encryption and/or notification of call cipher status
- Some security from IMSI catchers
- OTA update security
- Easily assessable advanced telephony details
- Delayed basestation replies

This list may change, probably expand but this will be the basics for now. As there are already advertised solutions for this out there and plenty of people that have been interested in this before me I expect to be examining all information and all potential solutions to create a secure mobile phone including commercial solutions and free solutions. There are plenty of commercial solutions but I will be looking at them on an individual basis and anything that won't allow independent code review will probably be disregarded immediately. I will try to mention everything I have a look at in here and list why certain things are either considered, chosen or disregarded.

This will be a fairly long project spanning a couple of months, maybe into next year but I just needed to get a start on it now and have somewhere to put my thoughts together. I'm not biased towards iOS, Android or any others so I will consider everything (including the new Firefox OS). I am also happy to modify a mobile operating system to meet my requirements if that's what it takes and if I do modify anything I will provide the modifications here. If anyone wants any information feel free to ask questions on anything I speak about, I'm happy to explain things.
 
hoodlum

Okay I guess the first thing to talk about is iOS & Android.

iOS - Disregarded
Alright so iOS is the operating system for the iPhone and I believe the current version is 7.1.2 - this is able to be jailbroken by Pangu which are a group of hackers out of China who are new to the iPhone scene. Although I personally like iOS it is a terrible out-of-the-box operating system for security and the focus is certainly around developers and Apple Inc's interest. Fortunately jailbreaking an iDevice gives a ton more control and enables you to do things that Apple hate (for example I have Perl running a SlowLoris mod on an old iPhone which gets 300-350 connections) but it still doesn't provide the real level of security which I am looking for. With a jailbroken iOS you can begin creating encrypted folders and secure some data however there are massive holes in this system even if the data is properly encrypted there are lots of data leaks. It's really just a layer of security on a massively insecure system. Above all that, the advanced telephony stuff I'm looking to be able to do is extremely hard with iOS. On top of this Apple Inc is one of the companies who co-operate with the NSA highly so without the ability to review their code I am very distrusting that there aren't intentional backdoors.

Android - Disregarded
This is a much better operating system for what I am after than iOS and is the backbone of many phones but it still doesn't give me the freedom and control I am after. There are a lot of modifications with Android and there seemed to be a much better community on Androids focused around security & encryption. I have seen a few possible secure systems for messages/emails/etc and even calls however the OS comes with some non-open source components and those are what I would be wary of when viable alternates exist. Out of the box it is a powerful tool and a rooted Android does hold a lot of promise for the type of system I am looking to develop however there are already modified versions of Android available like CyanogenMod. Most of these focus on expanding the features within the Android OS which isn't exactly what I'm after, I am happy with a skeleton system as long as it is secure however often these modified versions come with additional advanced capabilities and this is what I'm after. I may take another look at Android at a later date but for now other software (both Android based mods and FOSS) looks far more promising so I will rule out Android for now.

---

As for encryption I want to make a special note. For those that don't know how encryption works I advise going and reading my encryption article I wrote, I attempt to explain it in fairly easy language and provide pictures to ease understanding. If you can't find it send me a PM or your email and I will send it to you. Although encryption is a necessity in the case of mobile phones I need to consider a few things that on computers may take a backseat. Firstly the more complicated the encryption is, the longer it will usually take to encrypt/decrypt so for things like calls, IM & text messages this could cause frustration, I still want the device to be fairly usable so choosing an encryption must take into account the speed of the encryption being processed in real-time vs the strength of the encrypted data. Also need to consider that even though some cryptology solutions are considered secure there may be a way to break it which hasn't been publicly released, obviously when we are looking at encryption we want to be protected from LE so we need to assess the strength of the encryption vs the reward of releasing any potential backdoor to the public if there is one.
Along with encryption I will be looking at steganography applications for mobile platforms.
 
hoodlum

Alright so just a quick blurb about open source vs closed source software because it's going to be a recurring thing. The majority of programs that companies sell are closed source, this means that the code which runs the program is kept private/behind closed doors for the company that makes the program only. Open source programs are programs where the code is made publicly available, anyone can get the code and review/improve/compile/edit it as they see fit. There are a few important differences, one is that with open source programs people can see everything that happens so it is extremely easy to copy things and then resell someone else's hard work, it essentially shows everyone your inner workings and trade secrets. The benefit of open sourced programs is that many eyes from all walks of life review the code and there is a better chance they will find and fix bugs in the code for the community and secure potential exploits however on the flip side with the code visible to any malicious users it is easier to find an exploit, that door swings both ways. For closed source programs, businesses get to keep their trade secrets close to their chest and it gives them an advantage over the competition however at the same time it means their programmers can run wild and insert any backdoors into their programs as they see fit and no one is ever the wiser. The thing here is that open source programs pretty much need to deliver what they promise and it's independently verifiable.

The two listed above, iOS & Android are both closed source.

GSMK CryptoPhone - Disregarded
Now to talk about a specific product marketed exactly at what I'm looking to achieve. It's called a CryptoPhone and is marketed by GSMK (http://www.cryptophone.de/en/company/ & http://cryptophoneaustralia.com/) which provide a very good illusion of security. That's all they provide though, the illusion of security and not actual security itself. They have an interesting business model, they are closed source which is understandable considering the sheer amount of work this would take however it is a massive problem within the cryptography industry as those folk don't seem to be the most trusting and rightfully so. They attempt to discard this by pushing the fact they have a source code available for download and independent review. Of course I downloaded this to take a look, the first thing I realised was that this code is dated back to 2003 which is severely outdated, the second thing is that you can't compile and install this on your own accord meaning it's essentially useless, if any backdoors were included in the phone you wouldn't be able to see them from the outdated and unusable code. This means that there is NO information about how they encrypt/decrypt/store data or even if they in fact do at all besides market claims. GSMK sell a very good illusion of security however they don't sell a secure product.
 
hoodlum

Firefox OS - Disregarded
This was a tough choice and considering the lack of other options Firefox OS may be revisited later and looked at more carefully. I have to say, I'm impressed with Firefox OS. It is an open source operating system designed around HTML5 and this is their unique strategy to overcome the oppressive 'App store trap' which inherently restricts new platforms from entering the market. I have a fear that this operating system is the easiest of the lot to find/exploit new vulnerabilities due to the way it's been designed. I wouldn't be shocked that if in the future the project became closed source to add security. It restricts the way apps can run which is good but attacking its B2S structure would immediately allow root access and there has already been a vulnerability from Mozilla 17 which affected the B2S. I just don't feel this system would be as secure as I need, plus adding encryption would end up being a nightmare. It's still something I will consider in the future however for now it's been disregarded.
 
hoodlum

Sailfish OS - Considered
The first thing that I've come across which piques my attention and is a potential candidate for my project is Sailfish OS. It has a very interesting history being started by the big names of Nokia & Intel as MeeGo, business decisions meant that it never became an official lasting product however the team behind it continued its development under the Jolla name and adopted Mer. Sailfish OS is most importantly open source and uses the Linux kernel in combination with Mer. Due to its nature, many Android apps will run on it without problem. It also has a very powerful SDK with full emulation that works on Windows, Mac OS & nix.
 
hoodlum

PhoneCrypt - Disregarded
Someone suggested I take a look at this. I didn't dig too heavily however from what I could find out there are two mobile products, one is software and the other is hardware. I assume the software implementation is the most popular so I will speak to that first. First it isn't able to do all of the things I'm looking for so I had to rule it out based on that and it isn't open source meaning the company could have included anything. On top of that I found an old news report designed to bash their competitors and show them as the only secure software, this was put out by the company as a media stunt and makes me distrust them from the start. The software also only runs on the phone so it's still vulnerable to anything the OS wants to push on it, meaning it's not secure unless they've taken a few special measures which they don't indicate at all. Basically, an OS can hijack input from the microphone/keyboard before it is passed on to programs, so it's essentially key logging plaintext. This creates a problem that even if the program is 100% secure, it is built using an insecure framework which completely undermines anything the program does (check out what Carrier IQ used to do). That's why I disregarded it in the end. As for the hardware implementation, this is more promising as it disables the ability to hijack things at the microphone however once again there is no way of verifying that this is free from spyware from the creator.
 
hoodlum

Mer - Considered
This is what Sailfish OS runs on and is completely open source. At first I thought Mer would be too basic for what I needed but it seems I underestimated it. Telephony is built around pretty much standard GStreamer making what I need on that side of things fairly easy. It would come without the Sailfish Silica but it will get my device up and running with a Wayland Compositor running a complete Qt5 stack (with QML, widgets, etc). It is very basic but allows everything I need, it may be smarter to start from here as opposed to butchering Sailfish. Either way it is being considered as an option.
 
hoodlum

[Image: zlsNBAe.jpg]


Now technically this image isn't exactly correct but it is good enough for what I want to explain and most people's understanding.
As I've been saying, programs that claim to be secure really aren't because the input can be hijacked at the operating system level before it gets encrypted. I'll write more later, I need to eat.
 
hoodlum

Okay just to touch on the diagram above and then move on. I drew up the picture above to try and describe at what level your data (I will use that as an all encompassing term for microphone [eg: calls] and keyboard [eg: text messages] input) can be hijacked. One well known example of this was CarrierIQ, what it did was record passwords and data as it was being inputted into your phone, it then had the capability to relay the information to carriers and third parties (read: law enforcements) in real time. CarrierIQ initially denied these claims and served a cease and desist order but someone brought everything to light and they were eventually dropped by both Apple (iOS 5 I believe) and Android. Obviously these types of services still exist and it shows you exactly what level they were monitoring your phone long long ago. Even if you're using a program to encrypt/store your data it is NOT successful as the data hits the operating system as plaintext, as you see in the example above. What needs to happen to ensure security is to have text input encrypted as everything happens, this means less functionality and bells and whistles than we are used to but a great improvement to security.
Current system:
User -> Keyboard -> OS -> Program -> Storage -> Encrypted Data
Proposed system:
User -> Keyboard -> if x program is open then encrypt text during input -> Stored in RAM until time to be saved (on crash data lost) -> OS -> Program parses ciphertext, fairly unusable -> Storage -> XOR saved file

Technically as the keyboard is part of the OS (otherwise you would hit a key and the phone wouldn't know what to do) it means that the highest level your data can be encrypted is at the OS level where it hits the input method (microphone/keyboard) but you can encrypt the data as part of the key being recognised... It means you lose the functionality of things being recognised by the program, for example [email protected] wouldn't be recognised as an email like in most modern day systems as the program wouldn't be able to see what was being input
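
The two pipelines from the post above, modelled as an added example that is not part of the original thread: it records what a component at the OS layer can observe in each design, and whether the program can still recognise an email address. `OSLayer`, `keystream_xor` and the sample values are hypothetical, and the HMAC-based keystream is a stand-in for a real cipher, not a vetted one.

```python
import hashlib
import hmac
import re

# Constructed sample values, not taken from the thread.
KEY = b"constructed-demo-key"
NONCE = b"constructed-nonce"
TYPED = b"alice@example.org"

EMAIL_RE = re.compile(rb"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[a-z]{2,}")


def keystream_xor(key, nonce, data):
    """Stand-in cipher: XOR data with HMAC-SHA256(key, nonce || counter) blocks.
    Applying it twice with the same key and nonce restores the input."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


class OSLayer:
    """Hypothetical OS input path; `seen` is everything a component sitting
    at this layer could observe on its way to the program."""

    def __init__(self):
        self.seen = []

    def deliver(self, data):
        self.seen.append(data)
        return data


def current_system(typed):
    """User -> Keyboard -> OS -> Program -> Storage -> Encrypted Data."""
    os_layer = OSLayer()
    at_program = os_layer.deliver(typed)            # plaintext crosses the OS
    stored = keystream_xor(KEY, NONCE, at_program)  # program encrypts last
    return os_layer.seen, bool(EMAIL_RE.fullmatch(at_program)), stored


def proposed_system(typed):
    """Encrypt as the key is recognised, before anything else handles it."""
    os_layer = OSLayer()
    at_program = os_layer.deliver(keystream_xor(KEY, NONCE, typed))
    return os_layer.seen, bool(EMAIL_RE.fullmatch(at_program)), at_program
```

Both designs end with the same ciphertext in storage; they differ in what crosses the OS layer and in whether the program can still parse what it receives.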
 
hoodlum

I've been having a bit of a play around with VirtualBox (I think 4.2.12) and the Sailfish SDK. The entire OS isn't open source as I first thought but you can find a fairly decent chunk of it at http://images.formeego.org/jolla/sources/ with v1.0.7.16 being the most updated.

[Image: UMWnLZS.jpg]
 
PillarofBalance

It is fascinating but I will never believe a cell phone will be truly secure. I am convinced any data particularly sent wirelessly can get picked off.

Having said that I hope hoodlum does find something to help.
 