Topic: Secure smartphone? (Read 1507 times)

Yes, currently am using J7 prime and I found it very secured. I used password and fingerprints for my lockscreen. The good thing in its fingerprint is that it recognises only on fingerprint. My phone recognised my right thumb so even I uses my left thumb, it won't open same as the rest of my fingers.

iam recomended smartphone in samsung
high secure, high brand, and use OS android

and added antivirus in your smartphone

No secure , because secure not reall secure

I think iphone good choice

Not possible. Insecurity is the new secure. Live inna woods or become fish

You must have smoked something good, buddy.

I just said that Samsung smartphones come with a backdoor from the factory... Please read the following news, dated 2014 (not exactly  a news).

http://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor

As for the ability of Google to install (or remove), through push and pull notifications, whatever they like without your permission, see:

https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/issues/151

(I offered the work-around for rooted phones in the last post of that thread).

But also

https://jon.oberheide.org/blog/2010/06/28/a-peek-inside-the-gtalkservice-connection/

This issue is known since 2010 and it is still there.

not a single phone is secured .well if u want a user friendly phone samsung will be best for u .and be careful from the public networks ,they are not  always secured at all.but if it is given by the government use it ,hope u understood and buy a smartphone buddy

Seriously?

According to the Unclassified / Roll Call Release, "Threats to mobile devices Using The Android Operating System", issued by the Department of Homeland Security and the F.B.I on July, 23 2013 (ask me for a copy if you want it), Android is the least secure platform in terms of number of threats circulating and the lack of updates. Threats that, by the way, are delivered using text messages (SMS) and multimedia messages (MMS) so, that could potentially arm any phone from any brand and any OS release, simply knowing the phone number.

Of course, I agree, using the number of circulating threats doesn't really sound bi-partisan, considering the fact that Android is the most diffused platform.

But also stating that it is safe because it is based on Linux is not exactly a scientific analysis. Also iOS is based on FreeBSD.

That being said, the real threat to individual privacy comes from proprietary/closed software or architectures.

Unfortunately, ALL retail smartphones incorporate the baseband chip (the one used to connect to the cellular networks) and, guess what, all baseband chip manufacturers provide ONLY the binary of their drivers.

In other words, it doesn't matter which phone you will pick, it will come with a piece of software and hardware that you have to trust blindly.

As a side note, a while ago, a security research firm based in Germany found out that exactly that specific piece of software, installed on ALL Samsung devices, was used to eavesdrop all information from any Samsung phone, activated from an external unstoppable trigger.

At the same time all Android phones that come with google app store installed, come also with a piece of software that enable Google to install any app, at any time, without the authorization or the knowledge of the user.

Anyway, for this reason, our phones do not have the baseband firmware.

A good compromise could be to install Copperhead on a Nexus phone. Still half a way from total uncertainty to a spartan orthodox approach of our phones.

dont sync with server and stay offine
that the most secure way

Android os is good for you. Because it is linux. It is harder to infect with virus. But also it depends on the user. Some of hacking incidents are coming from the carelessness of the users. They are using some stupid applications which are infused with hacking tools. Be careful also from any brand of smartphones because some of them are injected with a very small device which they transmit every data you have.

I respectfully disagree with the statement "if  u use a public WiFi you can automatically forget about security".

That is true, if you use any "standard" phone. If on the contrary your device is aware of how a public WiFi works then there is no problem.

For example, our devices can connect to any WiFi. Our smartphones come with a low level IP firewalls that blocks all incoming connections both on IPv4 and IPv6 other than those coming from the encrypted VPN, only after the connection has been established.

Our phones do selectively block fake antennas that pretend to be a known WiFi already authorized by our phones, by keeping a map of the authorized mac addresses of the authorized antennas.

When it comes to connecting to the VPN gateway, we do not even use DNS queries to find the right IP, our connections are made using stating IP addresses for the VPN gateway (not for the phone interface, of course).

We do not exchange asymmetric keys on-line and the authentication is done against a certificate that is pre-installed on the phone at the moment the phone is shipped.

Certificates are updated every 12 months, so we update (send a new phone) every 12 months at top.

Once the connection is established with the VPN gateway (using AES256-CBC) all that any operator will see over the WiFi will be encrypted traffic back and forth our device and a remote IP (the VPN gateway) which may be chosen randomly by our clients at every reboot of the phone from a set of up to 80 different gateways in 80 different countries.

The traffic is further obfuscated as it is directed usually toward port 53, which is the port used to query a DNS server.

In other words whoever would sniff the WiFi traffic would see a lots of encrypted queries to some remote DNS. That's all. So I find difficult, even if you install Wireshark in any open WiFi, to figure it out what our device is doing.

Since we are on the subject, our phones do only encrypted calls, messaging and e-mail.

Both sender and receiver connect the way I described above to different gateways.

On top of the encrypted VPNs runs, for each service (voice, message, email) an encrypted query to a distributed hash table with static IPs, updated at every boot. Those static IPs are located all across the globe in several countries, mostly managed by university research centres, not us.

Through those queries, the calling party is able to find the VPN gateway IP and port of the called party (not the real IP address).

The calling party will never know the real IP of the called party and vice versa. Once the "virtual" IP are known the calling party will establish a peer-to-peer call (or text or email).

Again, the actual call will be established only if the called party has previously authorized, and exchanged, a symmetric key with the calling party, through a safe channel.

In our case the safe channel is optical, meaning, both phones need to be close to each other and exchange a bar code when they are first paired.

From there, a perfect forward secrecy method to update the keys is used.

Once the party is acknowledged, an end-to-end encryption (AES256 o TwoFish) will be used to encrypt the correspondence.

This encryption goes on top of the previous two VPN encryptions (one for the called and one for the calling party).

Traffic goes obfuscated (port 53) from the calling device (in one country) to the VPN gateway (another country) to the other VPN gateway on random port in another country, and finally on the last device, in another country again.

It is very similar to what TOR does, with the difference that TOR cannot be used because it doesn't guarantee enough bandwidth.

Anyway, it is getting really out of topic. All this to say, that just if you use any WiFi, that doesn't mean that your connection is doomed. That's all.

I do agree with you there is no secure smart phone as it stands as they devices can be compromised by people who understand them well
And possibly android should be the OS to use for a more controllable privacy option

I understand my contribution may arrive a bit late, still I would like to share my 2cents of wisdom.

I personally find hard to trust any solution that is not open-source AND community developed.

While the point of the first part (open-source) may be obvious to some it is still worth to mention that neither Apple iOS nor Blackberry OS are open source.

Yes, there has been a lot of marketing from those two companies, but we still have to remember that Blackberry was banned by the UAE and Pakistan, until they "complied" with the local government requirements, afterwards they were allowed to sell again their services over there. And we still have to remember that Apple encryption uses asymmetric encryption and that Apple has the key of the server holding all the public keys. I don't want to get into too much detail here, just remember that Fortune told us a few months ago that about 20% of all employees are willing to sell their credentials, 50% of them for less than $1,000. (the San Bernardino/FBI unpaid advertisement in favour of Apple had to do with something else, reading encrypted content. About which, just search for companies in San Francisco area who are able to dump iPhone flash on an external computer and then crack the 6 or 10 digit password with a PC in ten minutes).

Anyway, in view of all the news that we have been fed with, trusting blindly someone is something we should not take it lightly.

As for the second part, "community developed". We need to remember that there are companies that have been shut down because they were required to provide details of their clients (does anyone remember Lavabit for one?).

There are also companies (Yahoo?) that simply didn't care and decided to spy on ALL e-mails. Right, all e-mails.

What about the famous "warrant canary" ? Do you know what it is? And, since I read above someone talking about Silent Circle. Do you know that they removed their "warrant canary" last June? Do you know that the "warrant canary" has been missing from Reddit since 2015?

Now, either we take the subject seriously, and we start analyzing all the bits and pieces that could compromise our privacy, or it just becomes another gossip and an overall waste of time.

So, if anyone develops any proprietary solution becomes instantly a liability. And there is no place on earth where he can hide.

Not just from the spying governments, but also from the hackers. Allow me to open another can of worms.

All cellular networks have serious vulnerabilities that allow almost anyone to locate, impersonate and tap every call, message or internet data traffic of any cellphone worldwide, regardless of  the brand, OS release and location. I have explained this at length on Quora for those who are interested in this detail (you can check the videos on our website too if you like)

So what are we left with?

Only open-source, community developed software, running on a phone that does not connect to a cellular network, but it can connect to the Internet through the WiFi (I dare anyone to find a device by just having its mac address, on the Internet).

Well, that is what we do. Untraceable, Encrypted, Anonymous smartphones that communicate with each other triangulating each call (message or e-mail) over at least two VPNs and jumping over at least 3 to 5 countries. And to avoid any illegal use of our devices, we allow only to communicate with each other.

We do not allow any sort of "interaction" with non secure lines. As I am saying in these days, i know a person that would be U.S. president by now if would have understood the point of carrying two phones instead of one.

I will appreciate any comment or suggestion or ideas on how to make our devices even safer than what they are now. Please note that we are only focused on privacy, not on megapixels, megahertz and gigabytes.

P.S. I found your post because we also load a bitcoin wallet on our untraceable phones, for those who need to carry some cash with them while travelling.

p.p.s. On our phones you cannot install apps, of any sort, So in some ways it is difficult to change their behaviour (hacking them). Yes, not even updates. If an update becomes necessary to protect the privacy of our customers, we send them a new phone as we do not trust OTA updates and we don't manage any update server (would be another liability).

Please, ECB, all "dumb" phones or burners are absolutely unsafe. Check our answers on Quora or ask me directly if you like

Buffer Overflow, beside the fact I like your nick name, you are absolutely right!

There's never any real way to have a smart phone that cannot be hacked to.

I vote for an iphone

  Nokia is offering many smart phone these days, they also can't access your private.

You can try Android phone, it is more or less safe. Currently this is the only one option, how to protect privacy. 

That advert made me laugh. It bangs on about privacy, yet made the school boy error of showing the phone has Google and Playstore on the phone.

If someone cares about their privacy, they wouldn't be using Google or Playstore (which requires proprietary gapps installed on phone) in the first place. 

https://www.silentcircle.com/buy/

here's the one. you sure do pay for privacy though and there appears to be some type of subscription model.

personally i'd stick to dumb phones and do my computing on a laptop.

so did you buy that note 7? I heard they can explode. even cause death and destruction?