smash-the-firewall/slides/smartphone.md
2024-04-24 17:22:29 +02:00


<!-- .slide: data-background="img/this-is-your-brain-on-apps.jpg" -->
## Smartphone
--
## Less control
Compared to a computer, it's more complicated:
- to replace the operating system
- to investigate the presence of malware
- to uninstall default programs (see branded phones)
- to prevent monitoring
--
## Obsolescence
Furthermore, once the manufacturer declares a phone obsolete, it stops
providing software updates, leaving vulnerabilities unpatched
--
## Geolocation
When a phone is on, it connects to a cell of the phone network. The
operator records which phone connected to which cell and keeps this
information for a long time
--
## Geolocation
It is possible to triangulate a device by estimating the signal strength
received from nearby cells. This is activated when you call 118 or, for
example, when you are under surveillance.
There is no way to avoid this attack other than leaving the phone at home
:)
--
## Geolocation - IMSI
An IMSI Catcher is a simulated mobile phone tower, definitely
[used](https://www.ilfattoquotidiano.it/2015/06/13/con-limsi-catcher-cellulari-a-rischio-attenzione-il-cacciatore-ti-ascolta/1770363/)
[in Italy](https://duckduckgo.com/?q=capitolatotecnicoradiomobili+site%3Apoliziadistato.it).
It can answer questions like: "give me all the phone numbers
present in this area, on that day" without needing to ask a magistrate for them.
It is
[widespread](https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/wiki/Unmasked-Spies);
if you want to have fun, you can build an [IMSI Catcher
Detector](https://seaglass.cs.washington.edu/)
--
## Geolocation
- Wi-Fi, when on, broadcasts a unique identifier
- Same for Bluetooth
- 2G, 3G and roaming decrease security
- Geolocation services also use the list of Wi-Fi networks near you
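
Added example, not part of the original slides: the identifier Wi-Fi broadcasts is the interface's MAC address, and this Python sketch checks addresses logged from your own phone to see whether it exposes a permanent vendor-assigned address or a locally administered one (the kind MAC randomization produces). The sample observations and the function names are constructed for illustration; the bit test applies to Wi-Fi addresses, not to Bluetooth Low Energy address types.

```python
import re

# Constructed sample: (scan session, source address) pairs such as you might
# log from your own phone's Wi-Fi probe requests. Not real captures.
SAMPLE = [
    ("mon", "00:11:22:33:44:55"),
    ("tue", "00-11-22-33-44-55"),   # same address, different notation
    ("mon", "DA:A1:19:0B:77:21"),
    ("tue", "F2:6E:0B:C4:10:9A"),
    ("tue", "FF:FF:FF:FF:FF:FF"),   # broadcast destination, not a device
]

def parse_mac(text):
    """Return the 6 raw bytes of a MAC written with ':', '-', '.' or no separator."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)

def classify(text):
    """Classify by the two low bits of the first octet (IEEE 802 addressing)."""
    first = parse_mac(text)[0]
    if first & 0x01:
        return "group"       # multicast/broadcast
    # 0x02 set: locally administered, which is what MAC randomization produces.
    # 0x02 clear: globally unique, vendor-assigned, identical on every network.
    return "local" if first & 0x02 else "universal"

def audit(observations):
    """Map each device address to (kind, stable); stable means it can be
    followed across sessions: a universal address, or a local one reused."""
    sessions = {}
    for session, addr in observations:
        sessions.setdefault(parse_mac(addr), set()).add(session)
    report = {}
    for mac, seen in sessions.items():
        kind = classify(mac.hex())
        if kind != "group":
            report[mac.hex(":")] = (kind, kind == "universal" or len(seen) > 1)
    return report

if __name__ == "__main__":
    for addr, (kind, stable) in audit(SAMPLE).items():
        print(f"{addr}  {kind:9}  {'stable identifier' if stable else 'not reused in this log'}")
```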
--
## Good practices
- Does my phone listen to my conversations?
- Even when it's off?
- Should I remove the battery?

For sensitive discussions, leave your phone in another room. If 20
people simultaneously turn off their phones in the same location,
the operator knows.
--
## Physical attacks
- Don't use fingerprints and facial recognition
- Encrypt the phone
- Most of the time, if your phone changed hands, you lost
--
## Anonymous SIM cards
- Mostly snake oil, except a few providers of eSIMs
- When possible buy with cash at supermarkets
- If you have personal information on the phone, the SIM card is not
anonymous anymore
- The more you use it, the less secure you are