07-27-2020, 09:32 AM
Fingerprinting can be done via IMU / motion based biometrics. The hardware switches preclude transfer of the data, so even if the device is compromised, you have to turn the communications back on before there's any loss of information to an attacker.
The degree of separation between the compromise and the protections means the hardware switches still do their job. Cameras can be used as data transfer, beyond just data harvesting, meaning an exploit of the camera creates the opportunity for future exploitation of the device, based on data triggers or streams via light or QR codes, etc. Microphones can accomplish input and output. GPS radios can be used for i/o, as can power ports, and screens can be used for output.
Is there an exploit of the specific hardware the pinephone uses for IMU? Wireless IMU chips can obviously be recruited into an I/O setup, but passive measurement hardware would only be able to passively collect data, which can be dealt with in sanitizing a device before resuming communications.
The degree of separation between the compromise and the protections means the hardware switches still do their job. Cameras can be used as data transfer, beyond just data harvesting, meaning an exploit of the camera creates the opportunity for future exploitation of the device, based on data triggers or streams via light or QR codes, etc. Microphones can accomplish input and output. GPS radios can be used for i/o, as can power ports, and screens can be used for output.
Is there an exploit of the specific hardware the pinephone uses for IMU? Wireless IMU chips can obviously be recruited into an I/O setup, but passive measurement hardware would only be able to passively collect data, which can be dealt with in sanitizing a device before resuming communications.