How much protection does an add-on GSM modem give me vs. built into phone ?
case at SDF.ORG
Wed Oct 3 18:04:02 UTC 2012
I use an old 2G dumbphone.
I would like to switch and begin carrying a unix computer with me, but two
things bother me:
1. When cellular device is added to computer, and integrated in a deep way
(as it is in an android phone) there seem to me a lot of instances where
the computer is subservient to the cellular partsof the phone. I am
thinking about things like carrier published updates to applications and
carrier updates to SIM data, etc. - I want to participate on the mobile
phone network, but I do not want the carrier to have any access to my unix
computer. It seems to me that they have a lot of access, though, when I
use something like an android phone.
2. Exploits ... baseband exploits, mobie network exploits, forced dialing,
speaker/mic toggling, root exploits like I saw described from rogue
cellsites at defcon 2 years ago ... I want nothing to do with this.
So my current thought is to not buy a phone at all, but instead buy a unix
computer - perhaps the samsung galaxy player ? It is a near-clone of
Samsung i9000, but without any phone hrdware (but it does have speaker and
mic, so you could use it as a very nice SIP device). And my idea is that
when I do not have WIFI access, I could connect a USB GSM modem to this
unix computer and use the GSM modem ONLY for data, and connect SIP calls
1. Am I correct that embedding the mobile components into the computer
(like in a mobile phone) give my carrier many more vectors for accessing
the computer side of things, and ive "mallory" many more vectors for
attack ? I spoke very generally above about those methods - what are the
actual names for these behaviors ?
2. Am I correct that if I connect a external GSM modem to my unix
computer, I am nullifying most of these, and I am not giving my carrier
any abiity to update/examine/alter/access my unix computer .... and am
also avoiding things like secretly enabling the microphone, baseband
exploits, etc. ?
Any additional thoughts on using a computer instead of a phone, and then
adding a GSM modem when that is the only way to get SIP connectivity ?
More information about the baseband-devel