"We're going to need verifiable sources for claims like that."
This entire parent+thread argument back and forth is completely absurd.
It doesn't matter whether he has sources. It doesn't matter whether that firm does or does not exist. It doesn't matter what you think of their tech or his explanation or who is who or what is what.
Your phone has two[1] completely independent, full-featured computers inside of it, totally distinct from the actual computer that is your phone (that you use) that are completely out of your control, and depending on the model, have up to DMA control over your device.
Whisper Systems does not solve this. SecurePhoneBlahBlah does not solve this. Moxie Marlinspike does not solve this. If you have a smartphone, you are owned at a deeper level than you've ever been owned before and there is nothing you can do about it other than removing your SIM card. Game over.
[1] The baseband processor and the SIM chip itself.
Great point -- that is 101 of any serious security equipment validation. It is not that this software package/app or that card and so on are certified. The whole package from the ground up (hardware components down to analog bits, EM emission... up to the top-level application) has to be certified as secure.
I can't buy some mathematically proven secure software, install it on a Chinese tablet and claim it is secure and expect it to get approved.
This is a funny market as some domestic analog components are hard to find today. Micron, I think, makes some but heck most are sourced from China.
This makes 'secure' hardware ridiculously expensive. As in $50k+ for switches and routers and there is a whole market specializing in it.
Now, one can look at it another way -- some security is better than no security. I can see the argument on both sides. At least if NSA can record my phone calls maybe the local cops can't and so on...
Use separate devices: one with SIM/baseband, one without (wifi only).
Only encrypted traffic goes through the mobile device, e.g. cheap Firefox phone. Decryption takes place on wifi-only "media player" device in the form factor of a phone.
This is still exposed to DMA attacks from wifi device, but it's a smaller attack surface. Next level of protection is a hardware IOMMU on Cortex-A15 or x86 VT-d, plus a Type-1 hypervisor to isolate the wifi device.
Keep in mind that even without a SIM, the GSM radio is still active[1]. From my GSM-layman perspective, it sounds safer than being in a "trusted" pairing with the network, yet since it's all closed source, you have to wonder if there are magic packets that can own your device just as badly as if you have a SIM in.
>> Whisper Systems does not solve this. SecurePhoneBlahBlah does not solve this.
1. The SIM chip generally is not a full-featured computer and I'm unsure that it would have DMA access. But yes the baseband processor is indeed an issue.
2. Products like this prevent the kind of passive data-slurping that has been popular so far - i.e. install a box at the telco and record everything. That's a good start.
So yes, it does matter and it's a good start, and it pushes up costs for pervasive surveillance.
The SIM card is a full-featured computer. It has memory, a CPU, and your telco operator can upload Java applets to it which can interact with the baseband and the application processors.
And that's the point ... right now the stingrays and such simply act as IMSI catchers, etc., but if they can impersonate the carrier they can upload arbitrary Java applets to the SIM card which can undermine the call-encryption app you are using. It's an obvious next step which you aren't protected against.[1]
I don't know if any SIM cards get DMA access the way some baseband processors (not all) do ...
[1] You could get one of those little SIM wrapper foils and enable encryption-only for your SIM (which it almost certainly does not have now) which I think would defeat a lot of the carrier-impersonation attacks ...
This is an important point. We waste a lot of breath accusing people of having deliberately planted backdoors, and moving to alternatives that we think are too trustworthy to have backdoors in them.
Whether or not the programmers behave ethically, they're still going to make mistakes and write vulnerable code like everyone else, and you'd better believe the security services (and their contractors) are looking for them.