As cool as this is, it's resistive touch which is alright but it's no capacitive touch, and it's 2G which is largely useless for mobile connection in a lot of places, and certainly useless if you need data, which most people do. Still, excellent proof of concept and also it might be a fantastic tool to be able to build yourself in some places.
Hope it isn't similar flop as "Lilygo TTgo T-Watch" which it's barely usable but not due to meager hardware specs. It's the software with hardwired long boot sequence so you either live with the ESP draining battery out in few hours or waiting some second every time you wake the clock up. The manufacturer just assumed you want it to be always on and connected and counting steps and whatever, battery life be damned.
I would be fine if it wakes only once in 5 minutes to get online or on pushing the physical button. The hardware is there. But the manufacturer just don't care.
Seeing the speed at which governments across the world are keen on breaking encryption or enabling backdoors, this appears to be one of the ways we're headed for.
I guess one of the other ways is: "have a phone because it's required for website accounts and work -- don't do anything on it." Talk to your friends and family in person, which is _kinda_ arguably healthier. No social media, or hell, maybe not videogames either.
As everything becomes more and more spied on, this seems to be the way to go. I never say anything interesting to coworkers over MS Teams, I'll just wait till I see them in person before engaging in any real talk.
These open source / DIY mobile devices rely on an IC to perform the telephony side of things. In this example, a SIM800C made by SIMCom which could require additional "features" to pass certifications. How would you ensure there is no existing backdoor in the chip's firmware?
> How would you ensure there is no existing backdoor in the chip's firmware?
Basically, you can't. See my other comment in this thread.
If your modem is used in the USA (and likely elsewhere), your cell service provider won't allow it on the network unless it's running firmware that they approve of. Period. This usually means firmware blobs provided by them with absolutely no means of inspecting what it does.
If it's on the network, it has a backdoor. No exceptions.
This is why there are no open source modems. It's not a legal possibility.
Realistically, snoop on every byte passed between your phone's processor and the modem's chipset. Wort-worst case, injecting code into the phone's CPU through another backdoor or some other exploit.
Basically, taking complete control of the modem and potentially using that as a launch point for a more detailed attack.
Besides that, in the US at least, your phone's cell modem does have a backdoor. Every single one of them, no exceptions. Your telco can remotely update your modem's firmware and there is absolutely nothing you can do to stop it. Telcos are allowed/required to have total control of the firmware of any modem attached to their network. Source code is never, ever available. All cell modems are a total black box.
This also applies to terrestrial internet connections. Your cable modem or DSL has a firmware blob provided by your telco, no matter who you bought the modem from.
Most of these attacks can be mitigated by having a modem separated by a well-documented interface and a kill switch. These are exactly what I have on my phone.
