08-23-2023, 07:11 PM
(This post was last modified: 08-23-2023, 07:12 PM by Kevin Kofler.)
Sorry, but reading first your other thread and now this, I think you have a ridiculously high amount of paranoia.
Any WiFi and/or Bluetooth chipset is potentially vulnerable to exploits in the hardware, the firmware, or the kernel driver. Also the ones in your computer, in other smartphones, etc. Whether software has its source code publicly available or not has been found to have little to no impact on its security track record. People looking for security vulnerabilities can reverse-engineer closed-source code. (Also note that the WiFi/BT chipset's firmware is actually proprietary closed-source code, only the kernel driver is Free Software.)
In practice, such a vulnerability would have to be found first. To the best of my knowledge, there are currently no known ones, and if ones are found, I would hope that they get addressed quickly by a driver or firmware update.
If you really want to make sure that WiFi and Bluetooth are turned off, just turn off the corresponding hardware killswitch. And if you do not even trust the PinePhone's hardware, you should be able to verify with a voltmeter that the chip is really no longer powered.
But if you need working WiFi and/or Bluetooth, then by design, exposure to the theoretical risk of over-the-air exploits cannot be avoided, no matter what chipset on what device you are using.
Any WiFi and/or Bluetooth chipset is potentially vulnerable to exploits in the hardware, the firmware, or the kernel driver. Also the ones in your computer, in other smartphones, etc. Whether software has its source code publicly available or not has been found to have little to no impact on its security track record. People looking for security vulnerabilities can reverse-engineer closed-source code. (Also note that the WiFi/BT chipset's firmware is actually proprietary closed-source code, only the kernel driver is Free Software.)
In practice, such a vulnerability would have to be found first. To the best of my knowledge, there are currently no known ones, and if ones are found, I would hope that they get addressed quickly by a driver or firmware update.
If you really want to make sure that WiFi and Bluetooth are turned off, just turn off the corresponding hardware killswitch. And if you do not even trust the PinePhone's hardware, you should be able to verify with a voltmeter that the chip is really no longer powered.
But if you need working WiFi and/or Bluetooth, then by design, exposure to the theoretical risk of over-the-air exploits cannot be avoided, no matter what chipset on what device you are using.
