+- PINE64 (https://forum.pine64.org)
+-- Forum: PinePhone (https://forum.pine64.org/forumdisplay.php?fid=120)
+--- Forum: General Discussion on PinePhone (https://forum.pine64.org/forumdisplay.php?fid=127)
+--- Thread: Latest security loophole (/showthread.php?tid=10843)
Latest security loophole - WSS - 07-25-2020
Hi,
How to disable the IMU sensors on pine64 community edition? Anyone knows?
RE: Latest security loophole - User 18618 - 07-26-2020
Were you in the Matrix channel yesterday, by chance?
I don't believe this is possible with the hardware killswitches - unless killing all five disables additional hardware, ala the Librem 5?
If the IMU sensors are exposed to and supported by the kernel, would something akin to rfkill be applicable? If not, I posit that software will have to be written to achieve this.
RE: Latest security loophole - WSS - 07-27-2020
(07-26-2020, 09:08 AM)jed Wrote: Were you in the Matrix channel yesterday, by chance?
I don't believe this is possible with the hardware killswitches - unless killing all five disables additional hardware, ala the Librem 5?
If the IMU sensors are exposed to and supported by the kernel, would something akin to rfkill be applicable? If not, I posit that software will have to be written to achieve this.
The hardware killswitches do not disable to IMU.
I am on the channel.
RE: Latest security loophole - jrowe - 07-27-2020
Fingerprinting can be done via IMU / motion based biometrics. The hardware switches preclude transfer of the data, so even if the device is compromised, you have to turn the communications back on before there's any loss of information to an attacker.
The degree of separation between the compromise and the protections means the hardware switches still do their job. Cameras can be used as data transfer, beyond just data harvesting, meaning an exploit of the camera creates the opportunity for future exploitation of the device, based on data triggers or streams via light or QR codes, etc. Microphones can accomplish input and output. GPS radios can be used for i/o, as can power ports, and screens can be used for output.
Is there an exploit of the specific hardware the pinephone uses for IMU? Wireless IMU chips can obviously be recruited into an I/O setup, but passive measurement hardware would only be able to passively collect data, which can be dealt with in sanitizing a device before resuming communications.