SMS vulnerabilities
#1
SIM cards are inherently bad in terms of security and privacy to use with PinePhone, take this as an example:
https://simjacker.com/
https://www.srlabs.de/bites/new-sim-attacks

But I still want (and NEED) to use a SIM card, so I would like to know if PinePhone disables binary SMS by default or if there is any option for the user to do this. I think the best solution would be to simply block binary messages completely.
  Reply
#2
I don't know if it's been looked at. SnoopSnitch is at least open so its capabilities for detection could be duplicated, assuming we have the necessary qualcomm DIAG driver available. I would guess it would have to be done in something at the level of ModemManager, or the open version of the modem firmware.
  Reply
#3
Interesting topic.

I do not know offhand, but my gut tells me that we are better off on GNU/Linux base than Android for instance, as the whole point of Free Software is that we are more in control of it.

Since you seem interested in this topic, kindly report back if you learn any more specifics, as I know I am interested and am sure others would be as well.
Cheers,
TRS-80

What is Free Software and why is it so important for society?

Protocols, not Platforms

For the most Linux-y experience on your Linux phone, try SXMO!

I am (nominally) the Armbian Maintainer for PineBook Pro (although severely lacking in time these days).
  Reply
#4
(04-14-2022, 04:43 PM)JohnDoe Wrote: SIM cards are inherently bad in terms of security and privacy to use with PinePhone, take this as an example:
https://simjacker.com/
https://www.srlabs.de/bites/new-sim-attacks

But I still want (and NEED) to use a SIM card, so I would like to know if PinePhone disables binary SMS by default or if there is any option for the user to do this. I think the best solution would be to simply block binary messages completely.

I don't have an answer to that specific question, but here is another option to experiment with.The only set up that I could think of would be to use a data only SIM with JMP.Chat. JMP.Chat can be used with Wifi and ethernet adapter, too. It was explained to me that the SMS is converted to IP at the JMP.Chat server so the SMS security issue is not there when you receive the SMS. Normal banking, eBay, Amazon, SMS codes still work fine for me. You can operate through JMP.Chat like a regular phone with domestic and international calls to landlines, cell phones, sending texts, and pictures. It's VoIP and it's very clear. I haven't used it with a data only SIM yet, so, I would be interested if there is an inexpensive security SIM that is made in a safe country. The service is on the XMPP system and there are supposed to be over a million servers out there. Finding a good Linux XMPP app to use with JMP.Chat is still a problem for me, though. Waydroid helps some with the Android Cheogram app (get it on F-Droid). The Dino app for Linux is still not working as well for me as it is for others. Cheogram on Android Graphene OS is perfect and reliable, but that is with a regular reflashed Android Pixel and I am able to use that set up with a fast Wireguard VPN. My Waydroid/PinePhone combination still cannot send the incoming call ringtone to the external speaker, so, I am still experimenting with it.
  Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)