[GLLUG] Smart Phone Security

Sean Omalley omalley_s at rocketmail.com
Mon Apr 7 12:37:33 EDT 2014

The worst part, is not -knowing- your data was stolen. If someone steals my wallet, I know it is gone, if someone copies your data, you don't know it until they use it. 

As far as cyanogenmod, you will also want to make sure you have a supported phone first. IIRC they chain the bootloader, use the same kernel, and drivers, and a new rootfs. 

Some of the arm platforms aren't terribly well publicly documented, it is actually an issue getting linux platforms working with some hardware. There has been quite a bit of standardization between the hardware, bootloader and kernel, making it easier and less quirky which should impact both standalone linux arm, and embedded devices, making it easier for everyone moving forward.  Plus a lot of bugs have been fixed and even some logic errors like alignment issues. 

On Friday, April 4, 2014 10:59 PM, Richard Houser <rick at divinesymphony.net> wrote:
For starters, you have to forget the base image that ships and go with something like aosp or a cyanogenmod base.  Then, be very careful about the perms you grant apps, in particular phone identity.
>On April 4, 2014 4:50:47 PM EDT, Clay Dowling <clay at lazarusid.com> wrote:
>On 04/04/2014 02:19 PM, Chick Tower wrote:
>>I don't own a smart phone.  I don't want a smart phone.  I read
>>>frequently about how they are easily exploited and often just give
>>>away your information.  At last night's meeting, I asked how smart,
>>>security-conscious Linux users can trust their phones, and the answer
>>>I received was a universal "I don't trust my smart phone."  Does
>>>anyone else know of any ways to safely use a smart phone (your own,
>>>not a borrowed one)?
>>>I was also told of a method thieves are reportedly using to find
>>>houses to burglarize.  They break into a car at some event that will
>>>last a while (I think the Silverdome was mentioned), use the car's GPS
>>>to find home, and go there, knowing at least some of the occupants are
>>>gone.  So maybe programming "home" to
be somewhere else nearby is a
>>>good idea, if you don't want to drive a car without a GPS like I do.
>>>The device isn't to be trusted, and shouldn't have sensitive information
>>on it.  Among other things, it's really easy to leave a phone somewhere,
>>or have it stolen.  Like all cell phones, smart or dumb, it's hackable. 
>>The FBI, or anybody who has a bit of savvy, can use your phone as a
>>listening and tracking device.  Even the cheapest of phones will divulge
>>location information when properly probed, and the microphone can be
>>turned on.  But again, your cheap brick phone is just as vulnerable to
>>this attack as a smart phone.
>>Putting sensitive information on a phone isn't a good idea, because it's
>>an electronic device that can be compromised.  But the risk isn't
>>significantly greater than the risk you run from carrying around your
>>wallet, which is full of sensitive information and entirely susceptible
>>to the five finger discount attack.
>>linux-user mailing list
>>linux-user at egr.msu.edu
>Sent from my Android device with K-9 Mail. Please excuse my brevity.
>linux-user mailing list
>linux-user at egr.msu.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.egr.msu.edu/mailman/public/linux-user/attachments/20140407/867d5c76/attachment.html>

More information about the linux-user mailing list