<!-- .slide: data-background="img/this-is-your-brain-on-apps.jpg" -->
## Smartphone
--
## Less control

Compared to a computer, it's more complicated:

- to replace the operating system
- to investigate the presence of malware
- to uninstall default programs (see branded phones)
- to prevent monitoring
--
## Obsolescence

Furthermore, by declaring a phone obsolete, the manufacturer stops
providing software updates, leaving vulnerabilities unpatched.
--
## Geolocation

When a phone is on, it connects to a cell of the phone network. The
operator records which phone connected to which cell and keeps this
information for a long time.
--
## Geolocation

It is possible to triangulate a device by estimating the signal strength
received from nearby cells. This is activated when you call 118 and, for
example, if you are under surveillance.

There is no way to avoid this attack other than leaving the phone at home
:)
--
## Geolocation - IMSI

An IMSI catcher is a simulated mobile phone tower, definitely
[used](https://www.ilfattoquotidiano.it/2015/06/13/con-limsi-catcher-cellulari-a-rischio-attenzione-il-cacciatore-ti-ascolta/1770363/)
[in Italy](https://duckduckgo.com/?q=capitolatotecnicoradiomobili+site%3Apoliziadistato.it).

It can answer questions like "give me all the phone numbers
present in this area, on that day" without the need to request them from the magistrate.

It is
[widespread](https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/wiki/Unmasked-Spies);
if you want to have fun you can build an [IMSI Catcher
Detector](https://seaglass.cs.washington.edu/).
--
## Geolocation

- WiFi, when on, broadcasts a unique identifier
- Same for Bluetooth
- 2G, 3G and roaming decrease security
- Geolocation services also use the list of WiFi networks near you
--
## Good practices

- Does my phone listen to my conversations?
- Even when it's off?
- Should I remove the battery?

For sensitive discussions, leave your phone in another room. If 20
people simultaneously turn off their phones in the same location,
the operator knows.
--
## Physical attacks

- Don't use fingerprints and facial recognition
- Encrypt the phone
- Most of the time, if your phone changed hands, you lost
--
## Anonymous SIM cards

- Mostly snake oil, except a few providers of eSIMs
- When possible, buy with cash at supermarkets
- If you have personal information on the phone, the SIM card is not anonymous anymore
- The more you use it, the less secure you are