SlideShare uma empresa Scribd logo

Neo900: Crafting The Private Phone

Sebastian Krzyszkowiak
Sebastian Krzyszkowiak

A tale of the Neo900 project about the obstacles on its way to achieve The Ultimate Private Phone. What are the threats for smartphone user's privacy? How to deal with them? Is it possible to make a phone that will protect us so well that it will let us forget about privacy at all? The talk has been given via videoconference on 2014-11-29 at OpenPhoenux Hard- and Software Workshop 2014 in Garching, Munich. Recording: https://www.youtube.com/watch?v=ahPFCFooBv0&list=PL-s0IumBit8Mofxj0Fn2kH6RB9VtnKS4K

Tecnologia
1 de 40
Baixar para ler offline
Neo900 Crafting The Private Phone Sebastian Krzyszkowiak dos http://dosowisko.net/ OHSW 2014 Garching, 29.11.2014 CC-BY-SA 4.0 http://neo900.org/stuff/ohsw2014/
2 Neo900 Neo900 The truly open smartphone that cares about your privacy. Merge of GTA04 and Nokia N900... and beyond http://neo900.org/
3 Neo900 ● TI OMAP3 DM3730 @ 1 GHz ● 1 GB RAM ● 512 MB NAND + 32/64 GB eMMC ● Cinterion PHS8/PLS8 modem (LTE) ● GPS/GLONASS ● Dualtouch resistive screen ● Modem sandbox and monitoring solution ● Hackerbus ● http://neo900.org/specs
4 The Hardware Problem ● I'm the admin of my PC. Why can't I be the admin of my phone as well? ● We don't use App Stores on PCs. Why should we need them on phones? ● We can choose from hundreds of systems to install on PC. Why can't we do that on mobiles as well?
5 The Hardware Problem
6 The Hardware Problem Does a cellphone really differ so much from your average laptop? It doesn't. It's just smaller and more integrated.
7 The Hardware Problem ● Lack of documentation ● Closed components ● Porting – the neverending story ● Upstream? In your dreams. ● Planned obsolescence ● When you have to break into your own device in order to use it as you wish, something is completely wrong!
8 Privacy
9 How can your privacy suffer? ● Data on your storage gets damaged or destroyed ● Data gests leaked via: – The Internet – Other wireless technology – Removable media ● Your life gets spied on: – Location tracking – Audio/video eavesdropping – Logging your activities, collecting metadata
10 Privacy? ● Turns out a good, open, hackable device is a perfect first step towards better privacy.
Baseband processor ● A big, proprietary black box. ● Known to often be vulnerable. ● All Your Baseband Are Belong To Us Ralf-Philipp Weinmann, Black Hat conf 2011
Baseband processor ● Having control under the main operating system (like Android) is not enough ● Main problem with projects like Blackphone
13 Baseband processor ● The baseband is often tightly integrated with rest of the system – Direct connection to microphone – Direct Memory Access
Baseband processor
Baseband processor
Baseband processor
Baseband processor
Baseband processor
Baseband processor
Baseband processor
21 Open baseband? ● Unfortunately, it's not going to happen for both economical and legal reasons. ● Basebands are cryptographically locked and any change in their firmware results in revokation of their certification, rendering them illegal to use in public networks.
22 OsmocomBB ● Open baseband firmware ● Runs on TI Calypso (the same as in GTA01/02) ● Illegal to use as a phone outside the lab ● http://bb.osmocom.org
23 Open baseband? ● However, open baseband does not magically fix all the privacy problems.
24 The threats ● Tracking – Trilateration based (IPL, OTDOA, E-OTD, U-TDOA) – GPS-assisted (RRLP) ● Eavesdropping ● Data leakage ● Security bugs in firmware, SIM cards ● Direct access to main RAM
25 The threats ● GSM hacking – It's not hard to do fun rogue stuff with GSM. – Encryption (A5/1, A5/3) was broken long ago ● It was actually deliberately weakened in specs to make live of governmental surveilance agencies easier. – Denial of Service attacks are easy – The only „protection” is... illegality
„Private Phone” Private Trustable Open
27 Not solvable ● Eavesdropping of calls ● Eavesdropping of Internet connection ● Trilateration while connected to the network It can (and does) happen outside of the device or is necessary for it to function. Aside from encryption, there's nothing we can do against it.
28 Neo900 concept ● Counter-surveillance rather than audit and trust ● Everything not 100% in control is considered rogue ● Rogue stuff is sandboxed and constantly monitored
29 Neo900 design x breaker x The baseband processor is locked into a cage breaker
30 Neo900 design ● If the modem is compromised, the main system remains safe use the encryption, Luke ● If the modem is supposed to be off, but it isn't – we know that and react accordingly before anything bad happens ● If the GPS is in use when not requested – we know that but the antenna will be disabled anyway ● If the modem tries to record audio when not requested – we know that but it won't be able to do it
31 Neo900 design ● When modem act badly, user is notified and automatic hard reset via emergency_off line and/or hard shutdown by cutting power can be applied.
32 Neo900 concept ● This way, when something fishy is going on, software kicks off an alarm to make user do efficient measures to stop the threat: – Removing the battery – Destroying the device – Hiding it under the seat in bus and leaving ● With basic solutions like external power switch, user is not aware that his device has been tampered with. – ...but it can be used post-mortem
33 Neo900 design ● Our monitoring approach can also reveal some „rogue” activities from outside – like packet-storms on airports. https://www.schneier.com/blog/archives/20 14/04/gogo_wireless_a.html#c5459667
34 Neo900 design ● In the end, it's the user who gets the full control over how their device works and how it reacts to possible threats. ● Staying secure may need some effort, but without it there's only false sense of security – which is even worse than no security at all.
35 Interesting resources ● https://srlabs.de/rooting-sim-cards/ ● https://srlabs.de/gsmmap/ ● http://openbsc.osmocom.org/trac/raw-attachmen t/wiki/FieldTests/HAR2009/har2009-gsm-report. pdf ● https://media.blackhat.com/bh-dc-11/Perez-Pico /BlackHat_DC_2011_Perez-Pico_Mobile_Attacks-Sl ides.pdf ● http://events.ccc.de/congress/2008/Fahrplan/ev ents/2997.en.html
36 SIMtrace ● Osmocom SIMtrace is a software and hardware system for passively tracing SIM-ME communication between the SIM card and the mobile phone. http://bb.osmocom.org/trac/wiki/SIMtrace
37 Neo900: current status ● Almost 400 devices already „preordered” – That's twice as much as we needed to proceed ● Most of the design finished ● Schematics catching up with the design ● Sourcing is tough – components slowly fade away in the market
38 Neo900: current status http://neo900.org/stuff/block-diagrams/
39 Neo900: next steps ● Sourcing the risk parts (like 1GB RAM) ● Ordering the cases ● BB-xM based proto_v2 expected in February
40 Thank you! http://neo900.org/stuff/ohsw2014/ http://neo900.org/resources/ QA: IRC - #neo900 on Freenode http://webchat.freenode.net/?channels=neo900

Recomendados

EntroWatch V1.2 (1)
EntroWatch V1.2 (1)EntroWatch V1.2 (1)
EntroWatch V1.2 (1)Helen Williams
 
[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security[CB19] Hardware Wallet Security
[CB19] Hardware Wallet SecurityCODE BLUE
 
Surveon Professional NVR3000 Product Introduction
Surveon Professional NVR3000 Product IntroductionSurveon Professional NVR3000 Product Introduction
Surveon Professional NVR3000 Product IntroductionSurveon Technology Inc.
 
ATM Compromise with and without Whitelisting
ATM Compromise with and without WhitelistingATM Compromise with and without Whitelisting
ATM Compromise with and without WhitelistingAlexandru Gherman
 
Leave ATM Forever Alone
Leave ATM Forever AloneLeave ATM Forever Alone
Leave ATM Forever AloneOlga Kochetova
 
Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionageMuts Byte
 
Ultimate Surveillance Solution
Ultimate Surveillance SolutionUltimate Surveillance Solution
Ultimate Surveillance Solutiondplsurve
 
Revisiting atm vulnerabilities for our fun and vendor’s
Revisiting atm vulnerabilities for our fun and vendor’sRevisiting atm vulnerabilities for our fun and vendor’s
Revisiting atm vulnerabilities for our fun and vendor’sOlga Kochetova
 

Recomendados

EntroWatch V1.2 (1)
EntroWatch V1.2 (1)EntroWatch V1.2 (1)
EntroWatch V1.2 (1)Helen Williams
 
[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security[CB19] Hardware Wallet Security
[CB19] Hardware Wallet SecurityCODE BLUE
 
Surveon Professional NVR3000 Product Introduction
Surveon Professional NVR3000 Product IntroductionSurveon Professional NVR3000 Product Introduction
Surveon Professional NVR3000 Product IntroductionSurveon Technology Inc.
 
ATM Compromise with and without Whitelisting
ATM Compromise with and without WhitelistingATM Compromise with and without Whitelisting
ATM Compromise with and without WhitelistingAlexandru Gherman
 
Leave ATM Forever Alone
Leave ATM Forever AloneLeave ATM Forever Alone
Leave ATM Forever AloneOlga Kochetova
 
Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionageMuts Byte
 
Ultimate Surveillance Solution
Ultimate Surveillance SolutionUltimate Surveillance Solution
Ultimate Surveillance Solutiondplsurve
 
Revisiting atm vulnerabilities for our fun and vendor’s
Revisiting atm vulnerabilities for our fun and vendor’sRevisiting atm vulnerabilities for our fun and vendor’s
Revisiting atm vulnerabilities for our fun and vendor’sOlga Kochetova
 
Guard do
Guard doGuard do
Guard doДепартамент науки, промышленной политики и предпринимательства города Москвы
 
Tek systems it guidelines
Tek systems it guidelinesTek systems it guidelines
Tek systems it guidelinesviplavsarkar
 
Kaba paxos compact-sales-brochure_en_01
Kaba paxos compact-sales-brochure_en_01Kaba paxos compact-sales-brochure_en_01
Kaba paxos compact-sales-brochure_en_01Mail Box Production
 
groundview-sentinel-v3
groundview-sentinel-v3groundview-sentinel-v3
groundview-sentinel-v3Mark Cromwell
 
Twig Embody - the wearable 3G/GSM/GNSS personal alarm device
Twig Embody - the wearable 3G/GSM/GNSS personal alarm deviceTwig Embody - the wearable 3G/GSM/GNSS personal alarm device
Twig Embody - the wearable 3G/GSM/GNSS personal alarm deviceJane Lindell
 
CCTV UAE, DVR CCTV Camera, IP Camera UAE
CCTV UAE, DVR CCTV Camera, IP Camera UAECCTV UAE, DVR CCTV Camera, IP Camera UAE
CCTV UAE, DVR CCTV Camera, IP Camera UAEsecuritysytem
 
Muco-2
Muco-2Muco-2
Muco-2Mohamad CHEHADI
 
Thermostat (gsm bug) hidden audio monitoring device (buy or rent)
Thermostat (gsm bug) hidden audio monitoring device (buy or rent)Thermostat (gsm bug) hidden audio monitoring device (buy or rent)
Thermostat (gsm bug) hidden audio monitoring device (buy or rent)dplsurve
 
Updated Nu Surveillance Power Point
Updated Nu Surveillance Power PointUpdated Nu Surveillance Power Point
Updated Nu Surveillance Power Pointch1ris
 
Cordex ToughPIX 2302XP ATEX Hazardous Area Digital Camera - User Manual
Cordex ToughPIX 2302XP ATEX Hazardous Area Digital Camera - User ManualCordex ToughPIX 2302XP ATEX Hazardous Area Digital Camera - User Manual
Cordex ToughPIX 2302XP ATEX Hazardous Area Digital Camera - User ManualThorne & Derrick International
 
Tek systems it guidelines - animation
Tek systems it guidelines - animationTek systems it guidelines - animation
Tek systems it guidelines - animationviplavsarkar
 
STI 6400-FRE Data Sheet
STI 6400-FRE Data SheetSTI 6400-FRE Data Sheet
STI 6400-FRE Data SheetJMAC Supply
 
Wireless portable digital video recorder and camera (buy or rent)
Wireless portable digital video recorder and camera (buy or rent) Wireless portable digital video recorder and camera (buy or rent)
Wireless portable digital video recorder and camera (buy or rent) dplsurve
 
Introducing SAMSUNG Chromebook(XE303)
Introducing SAMSUNG Chromebook(XE303)Introducing SAMSUNG Chromebook(XE303)
Introducing SAMSUNG Chromebook(XE303)JJ Wu
 
Software Vendor (Norton Anti-Virus)
Software Vendor (Norton Anti-Virus)Software Vendor (Norton Anti-Virus)
Software Vendor (Norton Anti-Virus)John Joseph San Juan
 
Free Mobile - when Android is not enough
Free Mobile - when Android is not enoughFree Mobile - when Android is not enough
Free Mobile - when Android is not enoughSebastian Krzyszkowiak
 
Ple18 web-security-david-busby
Ple18 web-security-david-busbyPle18 web-security-david-busby
Ple18 web-security-david-busbyDavid Busby, CISSP
 
Juice Jacking 101
Juice Jacking 101Juice Jacking 101
Juice Jacking 101Robert Rowley
 
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdfdino715195
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoTWSO2
 
Security Issues in Android Custom ROM
Security Issues in Android Custom ROMSecurity Issues in Android Custom ROM
Security Issues in Android Custom ROMAnant Shrivastava
 
Security Issues in Android Custom Rom
Security Issues in Android Custom RomSecurity Issues in Android Custom Rom
Security Issues in Android Custom Romn|u - The Open Security Community
 

Mais conteúdo relacionado

Mais procurados

Tek systems it guidelines
Tek systems it guidelinesTek systems it guidelines
Tek systems it guidelinesviplavsarkar
 
Kaba paxos compact-sales-brochure_en_01
Kaba paxos compact-sales-brochure_en_01Kaba paxos compact-sales-brochure_en_01
Kaba paxos compact-sales-brochure_en_01Mail Box Production
 
groundview-sentinel-v3
groundview-sentinel-v3groundview-sentinel-v3
groundview-sentinel-v3Mark Cromwell
 
Twig Embody - the wearable 3G/GSM/GNSS personal alarm device
Twig Embody - the wearable 3G/GSM/GNSS personal alarm deviceTwig Embody - the wearable 3G/GSM/GNSS personal alarm device
Twig Embody - the wearable 3G/GSM/GNSS personal alarm deviceJane Lindell
 
CCTV UAE, DVR CCTV Camera, IP Camera UAE
CCTV UAE, DVR CCTV Camera, IP Camera UAECCTV UAE, DVR CCTV Camera, IP Camera UAE
CCTV UAE, DVR CCTV Camera, IP Camera UAEsecuritysytem
 
Thermostat (gsm bug) hidden audio monitoring device (buy or rent)
Thermostat (gsm bug) hidden audio monitoring device (buy or rent)Thermostat (gsm bug) hidden audio monitoring device (buy or rent)
Thermostat (gsm bug) hidden audio monitoring device (buy or rent)dplsurve
 
Updated Nu Surveillance Power Point
Updated Nu Surveillance Power PointUpdated Nu Surveillance Power Point
Updated Nu Surveillance Power Pointch1ris
 
Cordex ToughPIX 2302XP ATEX Hazardous Area Digital Camera - User Manual
Cordex ToughPIX 2302XP ATEX Hazardous Area Digital Camera - User ManualCordex ToughPIX 2302XP ATEX Hazardous Area Digital Camera - User Manual
Cordex ToughPIX 2302XP ATEX Hazardous Area Digital Camera - User ManualThorne & Derrick International
 
Tek systems it guidelines - animation
Tek systems it guidelines - animationTek systems it guidelines - animation
Tek systems it guidelines - animationviplavsarkar
 
STI 6400-FRE Data Sheet
STI 6400-FRE Data SheetSTI 6400-FRE Data Sheet
STI 6400-FRE Data SheetJMAC Supply
 
Wireless portable digital video recorder and camera (buy or rent)
Wireless portable digital video recorder and camera (buy or rent) Wireless portable digital video recorder and camera (buy or rent)
Wireless portable digital video recorder and camera (buy or rent) dplsurve
 
Introducing SAMSUNG Chromebook(XE303)
Introducing SAMSUNG Chromebook(XE303)Introducing SAMSUNG Chromebook(XE303)
Introducing SAMSUNG Chromebook(XE303)JJ Wu
 
Software Vendor (Norton Anti-Virus)
Software Vendor (Norton Anti-Virus)Software Vendor (Norton Anti-Virus)
Software Vendor (Norton Anti-Virus)John Joseph San Juan
 

Mais procurados (15)

Guard do
Guard doGuard do
Guard do
 
Tek systems it guidelines
Tek systems it guidelinesTek systems it guidelines
Tek systems it guidelines
 
Kaba paxos compact-sales-brochure_en_01
Kaba paxos compact-sales-brochure_en_01Kaba paxos compact-sales-brochure_en_01
Kaba paxos compact-sales-brochure_en_01
 
groundview-sentinel-v3
groundview-sentinel-v3groundview-sentinel-v3
groundview-sentinel-v3
 
Twig Embody - the wearable 3G/GSM/GNSS personal alarm device
Twig Embody - the wearable 3G/GSM/GNSS personal alarm deviceTwig Embody - the wearable 3G/GSM/GNSS personal alarm device
Twig Embody - the wearable 3G/GSM/GNSS personal alarm device
 
CCTV UAE, DVR CCTV Camera, IP Camera UAE
CCTV UAE, DVR CCTV Camera, IP Camera UAECCTV UAE, DVR CCTV Camera, IP Camera UAE
CCTV UAE, DVR CCTV Camera, IP Camera UAE
 
Muco-2
Muco-2Muco-2
Muco-2
 
Thermostat (gsm bug) hidden audio monitoring device (buy or rent)
Thermostat (gsm bug) hidden audio monitoring device (buy or rent)Thermostat (gsm bug) hidden audio monitoring device (buy or rent)
Thermostat (gsm bug) hidden audio monitoring device (buy or rent)
 
Updated Nu Surveillance Power Point
Updated Nu Surveillance Power PointUpdated Nu Surveillance Power Point
Updated Nu Surveillance Power Point
 
Cordex ToughPIX 2302XP ATEX Hazardous Area Digital Camera - User Manual
Cordex ToughPIX 2302XP ATEX Hazardous Area Digital Camera - User ManualCordex ToughPIX 2302XP ATEX Hazardous Area Digital Camera - User Manual
Cordex ToughPIX 2302XP ATEX Hazardous Area Digital Camera - User Manual
 
Tek systems it guidelines - animation
Tek systems it guidelines - animationTek systems it guidelines - animation
Tek systems it guidelines - animation
 
STI 6400-FRE Data Sheet
STI 6400-FRE Data SheetSTI 6400-FRE Data Sheet
STI 6400-FRE Data Sheet
 
Wireless portable digital video recorder and camera (buy or rent)
Wireless portable digital video recorder and camera (buy or rent) Wireless portable digital video recorder and camera (buy or rent)
Wireless portable digital video recorder and camera (buy or rent)
 
Introducing SAMSUNG Chromebook(XE303)
Introducing SAMSUNG Chromebook(XE303)Introducing SAMSUNG Chromebook(XE303)
Introducing SAMSUNG Chromebook(XE303)
 
Software Vendor (Norton Anti-Virus)
Software Vendor (Norton Anti-Virus)Software Vendor (Norton Anti-Virus)
Software Vendor (Norton Anti-Virus)
 

Semelhante a Neo900: Crafting The Private Phone

Free Mobile - when Android is not enough
Free Mobile - when Android is not enoughFree Mobile - when Android is not enough
Free Mobile - when Android is not enoughSebastian Krzyszkowiak
 
Ple18 web-security-david-busby
Ple18 web-security-david-busbyPle18 web-security-david-busby
Ple18 web-security-david-busbyDavid Busby, CISSP
 
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdfdino715195
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoTWSO2
 
Security Issues in Android Custom ROM
Security Issues in Android Custom ROMSecurity Issues in Android Custom ROM
Security Issues in Android Custom ROMAnant Shrivastava
 
HKG18-219 - Threat Modeling for IoT
HKG18-219 - Threat Modeling for IoTHKG18-219 - Threat Modeling for IoT
HKG18-219 - Threat Modeling for IoTLinaro
 
DEF CON 27 - GRICHTER - reverse engineering 4g hotspots for fun bugs net fina...
DEF CON 27 - GRICHTER - reverse engineering 4g hotspots for fun bugs net fina...DEF CON 27 - GRICHTER - reverse engineering 4g hotspots for fun bugs net fina...
DEF CON 27 - GRICHTER - reverse engineering 4g hotspots for fun bugs net fina...Felipe Prado
 
BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.Jakub Kałużny
 
Cloud Security Practices and Principles
Cloud Security Practices and PrinciplesCloud Security Practices and Principles
Cloud Security Practices and PrinciplesSumo Logic
 
IoThings you don't even need to hack
IoThings you don't even need to hackIoThings you don't even need to hack
IoThings you don't even need to hackSlawomir Jasek
 
CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...
CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...
CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...CODE BLUE
 
DEF CON 27- JISKA FABIAN - vacuum cleaning security
DEF CON 27- JISKA FABIAN - vacuum cleaning securityDEF CON 27- JISKA FABIAN - vacuum cleaning security
DEF CON 27- JISKA FABIAN - vacuum cleaning securityFelipe Prado
 
Assignment sheet cctv
Assignment sheet cctvAssignment sheet cctv
Assignment sheet cctvAnuragSagar8
 
The (Io)Things you don't even need to hack. Should we worry?
The (Io)Things you don't even need to hack. Should we worry?The (Io)Things you don't even need to hack. Should we worry?
The (Io)Things you don't even need to hack. Should we worry?SecuRing
 
Digital Security for the IoT Presentation
Digital Security for the IoT PresentationDigital Security for the IoT Presentation
Digital Security for the IoT PresentationVera Ho
 

Semelhante a Neo900: Crafting The Private Phone (20)

Free Mobile - when Android is not enough
Free Mobile - when Android is not enoughFree Mobile - when Android is not enough
Free Mobile - when Android is not enough
 
Ple18 web-security-david-busby
Ple18 web-security-david-busbyPle18 web-security-david-busby
Ple18 web-security-david-busby
 
Juice Jacking 101
Juice Jacking 101Juice Jacking 101
Juice Jacking 101
 
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoT
 
Security Issues in Android Custom ROM
Security Issues in Android Custom ROMSecurity Issues in Android Custom ROM
Security Issues in Android Custom ROM
 
Security Issues in Android Custom Rom
Security Issues in Android Custom RomSecurity Issues in Android Custom Rom
Security Issues in Android Custom Rom
 
HKG18-219 - Threat Modeling for IoT
HKG18-219 - Threat Modeling for IoTHKG18-219 - Threat Modeling for IoT
HKG18-219 - Threat Modeling for IoT
 
DEF CON 27 - GRICHTER - reverse engineering 4g hotspots for fun bugs net fina...
DEF CON 27 - GRICHTER - reverse engineering 4g hotspots for fun bugs net fina...DEF CON 27 - GRICHTER - reverse engineering 4g hotspots for fun bugs net fina...
DEF CON 27 - GRICHTER - reverse engineering 4g hotspots for fun bugs net fina...
 
BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.
 
Cloud Security Practices and Principles
Cloud Security Practices and PrinciplesCloud Security Practices and Principles
Cloud Security Practices and Principles
 
IoThings you don't even need to hack
IoThings you don't even need to hackIoThings you don't even need to hack
IoThings you don't even need to hack
 
IoT Session Thomas More
IoT Session Thomas MoreIoT Session Thomas More
IoT Session Thomas More
 
Cc internet of things @ Thomas More
Cc internet of things @ Thomas MoreCc internet of things @ Thomas More
Cc internet of things @ Thomas More
 
Hugo Fiennes - Security and the IoT - Electric Imp
Hugo Fiennes - Security and the IoT - Electric ImpHugo Fiennes - Security and the IoT - Electric Imp
Hugo Fiennes - Security and the IoT - Electric Imp
 
CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...
CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...
CODE BLUE 2014 : Embedded Security in The Land of the Rising Sun by BEN SCHMI...
 
DEF CON 27- JISKA FABIAN - vacuum cleaning security
DEF CON 27- JISKA FABIAN - vacuum cleaning securityDEF CON 27- JISKA FABIAN - vacuum cleaning security
DEF CON 27- JISKA FABIAN - vacuum cleaning security
 
Assignment sheet cctv
Assignment sheet cctvAssignment sheet cctv
Assignment sheet cctv
 
The (Io)Things you don't even need to hack. Should we worry?
The (Io)Things you don't even need to hack. Should we worry?The (Io)Things you don't even need to hack. Should we worry?
The (Io)Things you don't even need to hack. Should we worry?
 
Digital Security for the IoT Presentation
Digital Security for the IoT PresentationDigital Security for the IoT Presentation
Digital Security for the IoT Presentation
 

Último

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 

Último (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

Neo900: Crafting The Private Phone

  • 1. Neo900 Crafting The Private Phone Sebastian Krzyszkowiak dos http://dosowisko.net/ OHSW 2014 Garching, 29.11.2014 CC-BY-SA 4.0 http://neo900.org/stuff/ohsw2014/
  • 2. 2 Neo900 Neo900 The truly open smartphone that cares about your privacy. Merge of GTA04 and Nokia N900... and beyond http://neo900.org/
  • 3. 3 Neo900 ● TI OMAP3 DM3730 @ 1 GHz ● 1 GB RAM ● 512 MB NAND + 32/64 GB eMMC ● Cinterion PHS8/PLS8 modem (LTE) ● GPS/GLONASS ● Dualtouch resistive screen ● Modem sandbox and monitoring solution ● Hackerbus ● http://neo900.org/specs
  • 4. 4 The Hardware Problem ● I'm the admin of my PC. Why can't I be the admin of my phone as well? ● We don't use App Stores on PCs. Why should we need them on phones? ● We can choose from hundreds of systems to install on PC. Why can't we do that on mobiles as well?
  • 5. 5 The Hardware Problem
  • 6. 6 The Hardware Problem Does a cellphone really differ so much from your average laptop? It doesn't. It's just smaller and more integrated.
  • 7. 7 The Hardware Problem ● Lack of documentation ● Closed components ● Porting – the neverending story ● Upstream? In your dreams. ● Planned obsolescence ● When you have to break into your own device in order to use it as you wish, something is completely wrong!
  • 9. 9 How can your privacy suffer? ● Data on your storage gets damaged or destroyed ● Data gests leaked via: – The Internet – Other wireless technology – Removable media ● Your life gets spied on: – Location tracking – Audio/video eavesdropping – Logging your activities, collecting metadata
  • 10. 10 Privacy? ● Turns out a good, open, hackable device is a perfect first step towards better privacy.
  • 11. Baseband processor ● A big, proprietary black box. ● Known to often be vulnerable. ● All Your Baseband Are Belong To Us Ralf-Philipp Weinmann, Black Hat conf 2011
  • 12. Baseband processor ● Having control under the main operating system (like Android) is not enough ● Main problem with projects like Blackphone
  • 13. 13 Baseband processor ● The baseband is often tightly integrated with rest of the system – Direct connection to microphone – Direct Memory Access
  • 21. 21 Open baseband? ● Unfortunately, it's not going to happen for both economical and legal reasons. ● Basebands are cryptographically locked and any change in their firmware results in revokation of their certification, rendering them illegal to use in public networks.
  • 22. 22 OsmocomBB ● Open baseband firmware ● Runs on TI Calypso (the same as in GTA01/02) ● Illegal to use as a phone outside the lab ● http://bb.osmocom.org
  • 23. 23 Open baseband? ● However, open baseband does not magically fix all the privacy problems.
  • 24. 24 The threats ● Tracking – Trilateration based (IPL, OTDOA, E-OTD, U-TDOA) – GPS-assisted (RRLP) ● Eavesdropping ● Data leakage ● Security bugs in firmware, SIM cards ● Direct access to main RAM
  • 25. 25 The threats ● GSM hacking – It's not hard to do fun rogue stuff with GSM. – Encryption (A5/1, A5/3) was broken long ago ● It was actually deliberately weakened in specs to make live of governmental surveilance agencies easier. – Denial of Service attacks are easy – The only „protection” is... illegality
  • 26. „Private Phone” Private Trustable Open
  • 27. 27 Not solvable ● Eavesdropping of calls ● Eavesdropping of Internet connection ● Trilateration while connected to the network It can (and does) happen outside of the device or is necessary for it to function. Aside from encryption, there's nothing we can do against it.
  • 28. 28 Neo900 concept ● Counter-surveillance rather than audit and trust ● Everything not 100% in control is considered rogue ● Rogue stuff is sandboxed and constantly monitored
  • 29. 29 Neo900 design x breaker x The baseband processor is locked into a cage breaker
  • 30. 30 Neo900 design ● If the modem is compromised, the main system remains safe use the encryption, Luke ● If the modem is supposed to be off, but it isn't – we know that and react accordingly before anything bad happens ● If the GPS is in use when not requested – we know that but the antenna will be disabled anyway ● If the modem tries to record audio when not requested – we know that but it won't be able to do it
  • 31. 31 Neo900 design ● When modem act badly, user is notified and automatic hard reset via emergency_off line and/or hard shutdown by cutting power can be applied.
  • 32. 32 Neo900 concept ● This way, when something fishy is going on, software kicks off an alarm to make user do efficient measures to stop the threat: – Removing the battery – Destroying the device – Hiding it under the seat in bus and leaving ● With basic solutions like external power switch, user is not aware that his device has been tampered with. – ...but it can be used post-mortem
  • 33. 33 Neo900 design ● Our monitoring approach can also reveal some „rogue” activities from outside – like packet-storms on airports. https://www.schneier.com/blog/archives/20 14/04/gogo_wireless_a.html#c5459667
  • 34. 34 Neo900 design ● In the end, it's the user who gets the full control over how their device works and how it reacts to possible threats. ● Staying secure may need some effort, but without it there's only false sense of security – which is even worse than no security at all.
  • 35. 35 Interesting resources ● https://srlabs.de/rooting-sim-cards/ ● https://srlabs.de/gsmmap/ ● http://openbsc.osmocom.org/trac/raw-attachmen t/wiki/FieldTests/HAR2009/har2009-gsm-report. pdf ● https://media.blackhat.com/bh-dc-11/Perez-Pico /BlackHat_DC_2011_Perez-Pico_Mobile_Attacks-Sl ides.pdf ● http://events.ccc.de/congress/2008/Fahrplan/ev ents/2997.en.html
  • 36. 36 SIMtrace ● Osmocom SIMtrace is a software and hardware system for passively tracing SIM-ME communication between the SIM card and the mobile phone. http://bb.osmocom.org/trac/wiki/SIMtrace
  • 37. 37 Neo900: current status ● Almost 400 devices already „preordered” – That's twice as much as we needed to proceed ● Most of the design finished ● Schematics catching up with the design ● Sourcing is tough – components slowly fade away in the market
  • 38. 38 Neo900: current status http://neo900.org/stuff/block-diagrams/
  • 39. 39 Neo900: next steps ● Sourcing the risk parts (like 1GB RAM) ● Ordering the cases ● BB-xM based proto_v2 expected in February
  • 40. 40 Thank you! http://neo900.org/stuff/ohsw2014/ http://neo900.org/resources/ QA: IRC - #neo900 on Freenode http://webchat.freenode.net/?channels=neo900