Protecting phone from network / operator layer attacks

Hello community,

I recently read many articles about the different kinds of attacks made by hackers on smartphones, and I was surprised to see how many kinds exist on the network layer (Bluetooth, 4G, Wi-Fi, …).

When we talk about security, most of the time we consider the “device part” by installing apps or protecting the OS (antivirus, permissions, “VPN”, Tor, etc.), but even with a “secured phone” it seems to be possible to exploit vulnerabilities coming from the operator at the network level, such as the SS7 and Diameter layers, SIMJacking using old libraries inside the SIM card, or other approaches like Bluetooth/Wi-Fi attacks from a short range.

What do you think about security on these levels?
Knowing this, in the end, is securing a phone a kind of utopia?
What could we do to improve protections on these layers?

3 Likes

You are right. I see it the same way.

The security depends on your mobile network provider: how much money and resources they invest in mobile security. Then there is the mobile phone hardware, in this case the radio chip, which is isolated from the rest of the smartphone hardware. Also, the firmware of the radio chip is located on the separate baseband partition and acts like a mini OS. In my understanding, the content of the baseband partition cannot be adapted like the AOSP project can be.

There is an app on F-Droid called SnoopSnitch. It is about mobile network security. It comes with two test scopes:

  1. testing the mobile network security and detecting attacks
  2. testing the Android patch level.

While testing the Android patch level should be possible on all Android devices, the other test scope needs some prerequisites.

  • Root privileges enabled
  • Qualcomm-based chipset (see device list)
  • Stock Android ROM, version 4.1.2 or higher
    Note: Custom Android ROMs like CyanogenMod may or may not work, depending on the availability of a Qualcomm DIAG kernel driver (DIAG_CHAR).

1 Like

Thanks, that’s very interesting! I will try SnoopSnitch.

For now, the only other solutions I found on the web were the Librem 5 from Purism, with its buttons to switch off radio hardware, and the Librem Sim for communications, but these solutions are very expensive and mainly based in the US.

1 Like

Or you have an encrypted phone which also does encrypted calls. But if you want your phone to be really secure at all times, there is no other way than to turn off the signals they can catch. And there never will be. Even with all the protection, there is still a signal which can be reverse engineered or hacked in another way.

1 Like

Yep, sadly security really looks like a kind of utopia … :pensive:

I even heard stories about ultrasonic tracking through the microphone (the perfect backdoor system … wonderful :partying_face:)

I was looking at the Librem 5 with its hardware separation system and its dedicated SIM card. The project sounds good, but reviews on YouTube are not very good. To me it’s more about the price, I can’t afford it! ^^

@se2019 I tried SnoopSnitch, my phone doesn’t have the right chipset, but I will keep the name of the app in mind :slight_smile: