How much protection does an add-on GSM modem give me vs. built into phone ?

John Case case at SDF.ORG
Wed Oct 3 18:04:02 UTC 2012


I use an old 2G dumbphone.

I would like to switch and begin carrying a unix computer with me, but two
things bother me:

1. When cellular device is added to computer, and integrated in a deep way
(as it is in an android phone) there seem to me a lot of instances where
the computer is subservient to the cellular partsof the phone.  I am
thinking about things like carrier published updates to applications and
carrier updates to SIM data, etc. - I want to participate on the mobile
phone network, but I do not want the carrier to have any access to my unix
computer.  It seems to me that they have a lot of access, though, when I
use something like an android phone.

2. Exploits ... baseband exploits, mobie network exploits, forced dialing,
speaker/mic toggling, root exploits like I saw described from rogue
cellsites at defcon 2 years ago ... I want nothing to do with this.

So my current thought is to not buy a phone at all, but instead buy a unix
computer - perhaps the samsung galaxy player ?  It is a near-clone of
Samsung i9000, but without any phone hrdware (but it does have speaker and
mic, so you could use it as a very nice SIP device).  And my idea is that
when I do not have WIFI access, I could connect a USB GSM modem to this
unix computer and use the GSM modem ONLY for data, and connect SIP calls
that way.

My questions:

1.  Am I correct that embedding the mobile components into the computer
(like in a mobile phone) give my carrier many more vectors for accessing
the computer side of things, and ive "mallory" many more vectors for
attack ?  I spoke very generally above about those methods - what are the
actual names for these behaviors ?

2. Am I correct that if I connect a external GSM modem to my unix
computer, I am nullifying most of these, and I am not giving my carrier
any abiity to update/examine/alter/access my unix computer .... and am
also avoiding things like secretly enabling the microphone, baseband
exploits, etc. ?


Any additional thoughts on using a computer instead of a phone, and then
adding a GSM modem when that is the only way to get SIP connectivity ?


Thanks.




More information about the baseband-devel mailing list