The Problem with Mobile Phones

This is why we need more devices like Pyra [1], which was in the frontpage today [2]. Or its sister project, the Neo900 [3].<p>To me, current mobile phones seem like a step backwards in many fronts, as highlighted by the EFF or the Neo900 developers [4]:<p>- It should be possible to install your preferred OS, pretty much like you do on a PC.<p>- Hardware components should be more open. When not possible, they should be isolated like the Neo900 will do [4].<p>These two things would lead to much better privacy, and less planned obsolescence. It&#x27;s atrocious that many cell phones don&#x27;t get software updates past the 24 months mark.<p>We should get much more serious about this. The current mobile landscape is depressing.<p>[1] <a href="http:&#x2F;&#x2F;pyra-handheld.com&#x2F;" rel="nofollow">http:&#x2F;&#x2F;pyra-handheld.com&#x2F;</a><p>[2] <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=9463032" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=9463032</a><p>[3] <a href="http:&#x2F;&#x2F;neo900.org&#x2F;" rel="nofollow">http:&#x2F;&#x2F;neo900.org&#x2F;</a><p>[4] <a href="http:&#x2F;&#x2F;neo900.org&#x2F;stuff&#x2F;ohsw2014&#x2F;ohsw2014.pdf" rel="nofollow">http:&#x2F;&#x2F;neo900.org&#x2F;stuff&#x2F;ohsw2014&#x2F;ohsw2014.pdf</a>

The Electronic Frontier Foundation (EFF) notes in their report &quot;mobile phones were not designed for privacy and security&quot;. While the report is mostly focused on the wide varieties of mobile phone tracking (from GPS to wireless access), it illuminates perhaps the root of the issue noted in many mobile security articles: Mobile phones now mimic personal computers, and it begs the question: Why?<p>For such a ubiquitous device that holds so much personal data and is portable in ways laptops will never be, one wonders why we are designing mobiles to be just like tiny laptops with all the same protocols, applications and OS APIs. First, sure, it&#x27;s easy, but who ever heard of an old-school phone dying from a DDoS attack (which now is the current major mobile threat)? Or, being taken over by malware and every contact, password and account login sent to the Maldives for quick smash-and-grab sessions against bank accounts and so forth?<p>Maybe the intrinsic issue is really that we are still doing the &quot;make it smaller&quot; thing with tech and calling that innovation instead of &quot;make it different&quot; which out of the box often comes with intrinsic security of its own for actually being different.

This is part of the reason why I&#x27;ve been considering getting a one-way pager and leaving my mobile phone off or in airplane mode.<p>This way I would only need to take my phone out of airplane mode if I happen to be in a location where I can&#x27;t use another phone to return pages.

<i>&quot;Turn phones off&quot;</i><p>The only truly <i>&quot;off phone&quot;</i>, is one without batteries or in a microwave, sans the power cord.

I&#x27;m surprised A-GPS didn&#x27;t get a mention. There must be data leaked when your phone uses MSA to obtain higher resolution for the rough GPS location that it has. (less so with MSB)

Even the ubuntu phone comes with software you &#x27;can&#x27;t install&#x27; (unless you go beyond the normal interface) and has software of dubious origin on it (&#x27;here&#x27;). Missed chance on many fronts.<p>The problem isn&#x27;t so much &#x27;mobile phones&#x27; the problem is <i>smart</i> mobile phones and the suppliers of software for them, and for all mobile phones the big black box that is the baseband processor and whatever goes on in there. Little snitches does not cover it.

I&#x27;m surprised that addon cards for laptops such as the Gobi3000 aren&#x27;t mentioned yet. Are these a security risk? Is &quot;off&quot; really off to such a card? Is isolation sufficient?

Some phones have baseband processors that can remain powered up even when the phone is officially off. No malware is required.