
Our Cellphones Aren't Safe - sinak
https://www.nytimes.com/2018/12/26/opinion/cellphones-security-spying.html
======
tptacek
Counterpoint:

In the history of the industry no mass-market computing platform has been
safer than the flagship hardware/software platforms from Apple and Google ---
on no platform does an exploitable vulnerability cost more to obtain, and no
platforms have ever been more capable of establishing secure channels between
themselves.

SS7 is insecure. But operational practices at both the carriers and inside
governments rely on those insecurities to get jobs done, and some of those
jobs are important and enjoy wide support. Anything we do to shore up the
security of SS7 will, almost necessarily, include compromises most of us here
will find hateful, and we'll be stuck with those compromises for another
generation.

Rather than "fixing the potholes" in GSM and SS7, we could instead accept that
the cell signaling layer is insecure, and route around those weaknesses with
application code that can establish end-to-end secure channels accountable
only to their users. That's pretty close to what Apple has already done with
SMS text messaging, which opportunistically upgrades to Apple's secure
iMessage protocol. We can do even better than that!

That's what we've done with the Internet, where this approach is called "the
end to end argument in system design". It worked there and will work just as
well for telephony.

~~~
kevin_thibedeau
There is a reason why POTUS can't have an iPhone.

~~~
throwawaymath
Do you have a source for this? A casual search online shows that both Obama
and Trump use(d) iPhones in office.

------
lwansbrough
Imagine a service where you type in a phone number, and it used the GPS
location data sold by cellular providers to obtain the physical location of
the phone number. It would then autonomously fly a drone near the GPS location
of that device and use an onboard cell-site spoofer to intercept data from
that device.

That’s all possible today.

~~~
koala_man
And also easily defeated with commonly available end to end encrypted
messaging.

~~~
ehnto
Recent Australian laws make it possible to force Australian companies and
individuals to compromise software to defeat encryption. Which could be as
simple as getting a boutique update delivered to a device that includes a
screen recorder or keylogger, and it doesn't necessarily have to be the
messaging app that gets compromised. That isn't really a problem unique to
Australia or state level actors. I think Apple and Android have some
protections against screen recording.

~~~
libdjml
Fortunately, Australia doesn’t make any phones or popular e2e software.

~~~
ehnto
It wouldn't have to be the e2e software as the delivery app for the payload or
tooling. Regardless it was more about the fact that governments and other
actors have options. Phones are just like any other software platform.

------
bvinc
I've always wondered this. When encryption algorithms are broken, we phase
them out for new ones. When cell tower protocols have weak encryption we don't
seem to do anything about it. I hear that EDGE and 2G protocols are completely
unsafe but there's not even an option in my phone to disable them. What gives?

~~~
JumpCrisscross
> _When cell tower protocols have weak encryption we don't seem to do
> anything about it_

Consumers are more likely to switch because of coverage than security.

~~~
inetknght
> _Consumers are more likely to switch because of coverage than security._

This is, perhaps, because they aren't informed that their communications
aren't secure and that coverage is extended _despite_ being insecure.

------
chakalakasp
Don’t make phone calls on the telco layer. Make them on the application
layer, such as FaceTime voice or Signal. If phone companies won’t secure their
networks, lay a secure layer on top of the phone company network.

~~~
matt-attack
That’s all fine except SMS is the de facto method that most use for password
resets, dual-factor, etc. This was mentioned in TFA.

What does one do about that?

I think it would be amazing if banks and financial institutions used iMessage
but I can’t see it happen.

~~~
hackerman12345
IME most SMS verification is bundled with some additional information
submitted by the user (e.g. secret information, ID information).

~~~
SahAssar
All of which is pretty easily phished.

------
jsjsoaofnfn
Actually 5G provides this overhaul, more than it provides speed benefits for
customers.

The 4G backend still has a web of trust between operators and their e.g. IP
exchange providers. As far as I know, this will change with 5G.

Roaming data confidentiality can then be routed and encrypted until the home
operator network, while the associated metadata is accessible for the IP X to
provide their services.

The home operator can verify the smartphone is actually in the visited
network.

These are all bits and pieces that break up the operator's web of trust.

------
hsivonen
No mention of why GSM 2G was made less secure than it could be and what
current policy makers could learn from that.

[https://www.aftenposten.no/verden/i/Olkl/Sources-We-were-pre...](https://www.aftenposten.no/verden/i/Olkl/Sources-We-were-pressured-to-weaken-the-mobile-security-in-the-80s)

------
interfixus
> _Nobody could have envisioned how deeply ingrained cellular technology would
> become in our society_

Am I the only one often peeved by this kind of slop in thought and expression?
Of course somebody could. Some visionaries even did, and not just Arthur
C. Clarke.

So rightly: 'Few envisioned how deeply ...'

------
hardwaresofton
The first fully open source phone (RISC-V?[0]) that ditches the 3G chip and
goes wifi only using either software defined radio or open source wifi chipset
(RISCV again?[1]) will be the only thing to fix this IMO.

We have the means to have secure communication over insecure channels with
asymmetric crypto signing+encryption (which doesn't seem broken at least for
now), the problem is semi-solved at the software layer -- we now need to solve
the privacy/security issue at the layers below software.

[0]: [https://riscv.org/](https://riscv.org/)

[1]: [https://riscv.org/2018/10/hackaday-article-new-part-day-the-...](https://riscv.org/2018/10/hackaday-article-new-part-day-the-risc-v-chip-with-built-in-neural-networks/)

~~~
rapsey
Wifis are often absolutely terrible for low latency applications such as VoIP
(buffer bloat). Also that means your phone only works at home and in the
office.

~~~
hardwaresofton
Yes, but this is only if you subscribe to wifi as it exists today, or near
you.

It's becoming increasingly common to rent portable wifi devices from 3G
carriers, and if long distance wifi mesh networks ever take off things will be
even better.

The idea is to not have your _primary mobile computing platform_ be
compromised, if you can prevent it.

Also, see the sibling post to this -- [https://www.gl-inet.com/products/gl-mifi/](https://www.gl-inet.com/products/gl-mifi/)

------
aplummer
> Large companies such as AT&T, Verizon, Google and Apple have not been public
> about their efforts, if any exist.

Isn’t this one of the major selling points of iMessage etc?

------
CorvusCrypto
Hmm interesting read. In Sweden there is a thing called BankID and basically
you can use your mobile device as a universal authenticator. Of course, you
need to have the device and enter a 6-digit pin, but I often wondered how
dangerous it was to use this so much. And on top of that I know people that
used it in local cafes on public WiFi.

I would love to do an examination of communication via BankID's app to the
internet to see what kind of security exists to protect the user. If you can
get the person's social number (personnummer) and their 6-digit code, then
spoof their device (probably the easier part) you can basically take over
their life in Sweden.

~~~
vlovich123
U2F & authenticator apps are _way_ better than cellular. Cellular provider
companies suck at infosec in massive ways.

~~~
CorvusCrypto
Pretty much my hope. If it's so easy to snoop on cell traffic my hope then is
that the app communication is encrypted using modern standards and airtight.
Though I'm sure you're right since these apps are more under the microscope.
It's probably fine.

~~~
vlovich123
I had my Uber account hacked even though it had SMS 2FA enabled (from Russia
as best I could tell). Now maybe there was some flaw in Uber's implementation
but I don't trust SMS 2FA. Talk to any competent security researcher - SMS 2FA
is only mildly better than no 2FA.

The fact that cellular traffic to this day isn't encrypted properly[1] even
though LTE was supposed to should indicate just how horrible cellular
providers are at infosec & what happens when they drive security requirements.

[1] [https://arstechnica.com/information-technology/2018/06/lte-w...](https://arstechnica.com/information-technology/2018/06/lte-wireless-connections-used-by-billions-arent-as-secure-as-we-thought/)

------
xwat
There are no secure smartphones (2016)
[https://news.ycombinator.com/item?id=10905643](https://news.ycombinator.com/item?id=10905643)

~~~
libdjml
The twice-linked brief article states that basebands have full OS memory
access, which is not true in 2018. And the article is completely uncited.

------
userbinator
I am relieved to see that this is not another article about EM radiation from
mobile phones. However, the title is a bit clickbaity in that manner.

------
xte
No one wants safe widespread solutions: we want to be able to spy, both for
bad and good reasons. The good part is simply justice: telecommunications are
vital to anyone, criminals included, to a point that we do not want to limit
them. But to catch criminals we still need a bit of surveillance power.

Unfortunately the very same power is of interest to criminals themselves to spy
on their targets, any kind of criminal, from the home thief that may like to
follow you to know when you go on holidays, what kind of safety you have at home
(because yes, you post new shiny photos of your new home surveillance system,
together with its plan, photos of you and a few technicians during the mounting
phase etc), what you have in your house (because you post tons of
photos/selfies with relevant "background"), to your insurance company that buys
with discretion your data from Amazon/Google/Microsoft/Apple, data recorded by
voice assistants, smart devices with cameras everywhere, the speaker mic of your
phone etc (curiously, in the past such kinds of spying devices were bought, and
they are very expensive, by people who want to spy on you. Today you buy them
from the people willing to spy on you, and you also pay connectivity and
electricity for them), to your government that likes to know your political
opinion and influence network like the ancient East German Stasi or modern
NSA/FBI/CIA/* do.

The real "safety" point is not safety itself but balance of power. A knife
good to cut a succulent steak is also good to kill someone and perhaps to open
a package. A car the same. A phone the same. etc. They are instruments with
more or less effectiveness, comfort and power. If they are balanced so that
anyone has more or less the same power we have no real safety problem. If too
few have too much power we have a problem, the bigger, the fewer and more
powerful the counterparts are.

Unfortunately, to properly balance power as a society we also need a certain
level of awareness and civic sense distributed among us, because yes, knowledge
is power. At any level. Today, and not only since today, we are evolving into a
more and more ignorant society with a more and more reduced élite that rules
against tons of sheep.

------
bitxbitxbitcoin
I guess this is supposed to be the part where the masses decide whether the
added safety is worth the inconvenience of not having cellphones? Or have we
already?

------
newman8r
I recently launched [https://www.tamarin.us](https://www.tamarin.us) (fake
websites + canary credentials) hoping I could capitalize on some of this - but
IMO it's a hard sell (and a lot of the salespeople I spoke with kept
confirming how hard enterprise security sales are). It will probably be a
while before I try to work on another privacy-related product.

Fortunately I'm having a little bit more luck on my current project in the
health space.

~~~
Spooky23
You should sell it to consultants. The problem with honeypots in enterprise is
that the enterprise leadership wants to avoid knowing things.

~~~
salawat
This single post reveals more about how disconnected from reality
corporate/enterprise leadership is incentivized to be, and about the state of
bad faith overall w.r.t. users' privacy than I think I've seen in a long time.

Please tell me this is a joke.

~~~
Spooky23
It’s cynical, but not a joke.

Big institutions are fundamentally feudal organizations. If you look back at
medieval times, some of the lords and dukes were wise men driven by some
higher purpose. Others were not.

The tools have changed, but people are the same.

It’s also why regulation is so important. Like feudal lords, the agents of the
overlord (ie the auditors) are feared and respected. Compliance tied to
compensation or continued employment is something that is cared about.

------
deytempo
New York Times is broken for iOS mobile

------
colordrops
Privacy and hacking, but also mental and social health, road safety, and
potentially radiation danger. Mobile devices are sort of a Faustian bargain.

~~~
malcolmgreaves
Cell phones release non-ionizing radiation. (1) Your internal risk model
should put this at the same level as being outside in the sun.

(1) [https://www.cancer.gov/about-cancer/causes-prevention/risk/r...](https://www.cancer.gov/about-cancer/causes-prevention/risk/radiation/cell-phones-fact-sheet)

~~~
colordrops
> non-ionizing radiation

This is a tired response that everyone memorizes but fails to back with facts.

1\. There are studies showing some effects besides DNA mutation, such as
heating, due to non-ionizing radiation, which could cause a number of health
effects.

2\. The World Health Organization classified cell phone radiation as a
potential carcinogen. The CDC has stated that there is no conclusive evidence
one way or the other on whether cell phones cause cancer.

3\. I said "potentially" above.

~~~
yongjik
Ah yes, the good old "Group 2B carcinogens" that are "possibly carcinogenic to
humans". It includes lead, DDT, dry cleaning (as a job), firefighting (as a
job), aloe vera extract, ginkgo extract, and pickled vegetables.

A more dangerous Group 2A includes red meat, "Shift work that involves
circadian disruption", and "Very hot beverages (more than 65°C)", according to
Wikipedia.

Group 1 contains UV light.

So, walking outside on a sunny day sipping coffee after eating BBQ with kimchi
is _probably_ more dangerous than cell phones. Doubly so if you're a
firefighter.

~~~
judge2020
I think the point is that you likely won't do all of those things all day
every day; rarely do you spend all day and night in the sun, drinking coffee
every hour, and eating red meat 3 times a day.

Your phone is with you at all times of the day, always within 5 feet of your
person, which means that _if_ it leads to cancer (which we will likely find
out within the next 30 years since American children are now surrounded by
phones and tablets from age 5) then it's much more likely that you end up with
cancer because of your phone rather than the fact that you were out in the sun
for an hour every day.

~~~
yongjik
The first iPhone was released in 2007. Radars have been used since WW2. Of
course it's _theoretically_ possible that cell phone radiation causes cancer
in everyone but only after being largely ineffectual for 12 years of
continuous use, but that's somewhat reaching, IMHO.

