
Re: [tor-talk] How safe is smartphones today?



anonymous coward:
> Nathan Freitas:
> > On 04/02/2014 07:01 PM, anonymous coward wrote:
> >> Many people use TOR or secure ways to chat on smartphones.
> > 
> >> The last months have revealed how hard secret services attack our
> >> phones.
> > 
> >> This leads me to the question, how secure are our smartphones at
> >> all?
> > 
> > It comes down to what are you afraid of?
> 
> 
> Thanks to all for replying.
> 
> Well, I try not to get caught in the dragnet. Besides, I have no special
> threat model or fear.
> 
> But, the situation could change quickly in certain situations without
> your intention.
> 
> For example, I want to talk to political activists, I would like to
> discuss with them, no matter if I share their views or not. This could
> easily make you interesting for certain people. Sometimes just talking
> to certain people could make you suspicious.
> 
> And this is my concern.

If you are concerned with protecting the social graph of who you are
communicating with, there is *maybe* exactly one communication system
that exists today that can protect this information from a dedicated
adversary with resources on the order of a drug cartel. 

The system I'm referring to is a prototype written by a Google engineer
in their spare time: https://pond.imperialviolet.org/

It comes with this disclaimer:

"Dear God, please don't use Pond for anything real yet. I've hammered out
nearly 20K lines of code that have never been reviewed. Unless you're
looking to experiment you should go use something that actually works."

Of course, even if Pond itself is secure (and it very well may be -
despite the disclaimer, Adam Langley is actually a very capable
cryptographic engineer), if you use it on a normal, non-hardened
computer, your social graph can still be obtained by compromising that
computer.

> Is a mobile device safe to use for "sensitive" discussions?
> 
> In my view and recent events suggest you can become a target, although
> you are just a small number. Just talking to people could cause this.
> 
> If I listen to the discussion in this thread, a mobile device is not
> adequate at all to protect your data in case of a targeted attack.

It is my opinion that there is little substantial difference between a
computer you get off the shelf today, and a WiFi-only mobile device you
get off the shelf today. Both have to be hardened in ways that are just
as involved as the blog post I wrote about hardening Android.

This is sadly currently out of the reach of most humans today, if they
are dealing with an adversary with resources significantly beyond their
own.

There is no "perfect", there is only "bad", and "better". Because of
this, every situation needs detailed analysis to understand the nature
of the information you are trying to protect, and the resources and
capabilities of the adversary you are trying to protect it from.

> I guess, the only safe way would be to use an offline device for storing
> data and a second device for online communication. And a third device
> may be necessary. There are devices, that connect with bluetooth to your
> smartphone and do all the encryption totally encapsulated in its own
> little box.
> 
> I don't have any current need for such steps, but want to know what is
> the current state in security.

Unfortunately, the current state of security is that it sucks. In fact
dangerously so - to the point where I am not optimistic about our
ability to have functional computing devices at all in about 5-10 years
time unless drastic changes are made:
https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise


-- 
Mike Perry
