[GLLUG] Smart Phone Security

Richard Houser rick at divinesymphony.net
Fri Apr 4 22:59:20 EDT 2014

For starters, you have to forget the base image that ships and go with something like aosp or a cyanogenmod base.  Then, be very careful about the perms you grant apps, in particular phone identity.

On April 4, 2014 4:50:47 PM EDT, Clay Dowling <clay at lazarusid.com> wrote:
>On 04/04/2014 02:19 PM, Chick Tower wrote:
>> I don't own a smart phone.  I don't want a smart phone.  I read
>> frequently about how they are easily exploited and often just give
>> away your information.  At last night's meeting, I asked how smart,
>> security-conscious Linux users can trust their phones, and the answer
>> I received was a universal "I don't trust my smart phone."  Does
>> anyone else know of any ways to safely use a smart phone (your own,
>> not a borrowed one)?
>> I was also told of a method thieves are reportedly using to find
>> houses to burglarize.  They break into a car at some event that will
>> last a while (I think the Silverdome was mentioned), use the car's
>> to find home, and go there, knowing at least some of the occupants
>> gone.  So maybe programming "home" to be somewhere else nearby is a
>> good idea, if you don't want to drive a car without a GPS like I do.
>The device isn't to be trusted, and shouldn't have sensitive
>on it.  Among other things, it's really easy to leave a phone
>or have it stolen.  Like all cell phones, smart or dumb, it's hackable.
>The FBI, or anybody who has a bit of savvy, can use your phone as a
>listening and tracking device.  Even the cheapest of phones will
>location information when properly probed, and the microphone can be
>turned on.  But again, your cheap brick phone is just as vulnerable to
>this attack as a smart phone.
>Putting sensitive information on a phone isn't a good idea, because
>an electronic device that can be compromised.  But the risk isn't
>significantly greater than the risk you run from carrying around your
>wallet, which is full of sensitive information and entirely susceptible
>to the five finger discount attack.
>linux-user mailing list
>linux-user at egr.msu.edu

Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.egr.msu.edu/mailman/public/linux-user/attachments/20140404/2f94ecfb/attachment.html>

More information about the linux-user mailing list