Is a 'dumbphone' mobile more secure for basic phone calls than a smartphone?
By dumbphone I mean: no internet connection, very limited features, etc.
By more secure I mean: secure from malicious and direct hacking. I don't mean as in protected from government tapping/snooping; I don't mean from authorities who could be granted access somehow, through the mobile operator company.
Has the security of the basic phone call changed much, in the last 10 years ? Obviously smartphones have an endless number of new security holes as time goes on, a quick browse of Apple's security updates history, or searching Android in the tech news, proves this. But I'd suspect most of these vulnerabilities can be utilised because of the frequent connections to the internet made with them. So, do smartphones utilise anything new [purely in] the initiation and connection of just the phone call itself ?
Do currently available dumbphones even operate on non-internet enabled radio standards?
@DmitryGrigoryev It has some kind of java.... thing. That could be a not-dumb phone, or a very dumb phone depending on your point of view.
Define "more secure", please. Consider that Macs are claimed to be "more secure" by the simple fact that not as many people use that OS so there's less bang-for-buck for hackers. Dumb/feature phones *could* be considered more secure by the simple fact that people might not be targeting them any longer.
Is there a real difference between "illicit hacking" and "government tapping/snooping?"
I'm still not certain what your difference is. I think maybe you mean accessing the phone's data directly on the phone vs. accessing logs of your activity stored at the phone company?
"Malicious" doesn't seem any better than "illicit". Government can be malicious, too. Maybe you wish to say that your only realistic target is protecting yourself from hackers with fewer resources than those of a nation state.
Both of the above are the idea of what I mean. Free free to submit edit to question description.
Note my question http://security.stackexchange.com/questions/124900/in-mobile-can-early-media-be-sent-from-the-phone would surely apply to dumb phones, where the mic attaches straightly to a simple and undocumented modem chip.
Has the security of the basic phone call changed much, in the last 10 years ?
So, do smartphones utilise anything new [purely in] the initiation and connection of just the phone call itself ?
Yes. There are new technologies used to establish phone calls in cellular networks. Those new technologies mitigate some attacks which were possible due to flaws in the older ones. So if you use a "dumbphone" that runs on the older technologies you are subject to those attacks (i.e. the inverse is true, the smartphone is in this respect more secure).
The technologies used in the cellular networks basically evolved over time like this: 1st generation (analogue), 2nd generation (GSM etc.), 3rd generation (UMTS etc.), 4th generation (LTE etc.).
If you use a device running for example the GSM technology, an attacker might intercept your calls with hardware costs of only about $30 USD. Intercepting calls made with the newer technologies is harder up to a point where only nation state attackers can perform them.
Virtually all modern smarphones still support 2G, so they are still vulnerable to the same kind of attacks.
That's true, but the attacker would then need to perform a downgrade attack because those devices would only use the older technology if the newer one is not available.
A key point is that the attacker would need to be in cell range. If i infect your smartphone, i don't have to drive behind you with my RTLSDR / USRP to read your texts
@Hacktiker In most countries (excluding Austria AFAIK), a downgrade attack is a matter of standing in the area covered by the old 2G cell.
@DmitryGrigoryev agreed! That is why I set my smartphone to either connect LTE or show the antenna tower my best finger (not that one).
No offense, this misses the question completely, I feel, while being upvoted more than double of the next answer. The OP is not asking about using a GSM phone, but using a phone that *only* consists of the cellular network functionality, without the "smart" technology on top (i.e. without Android, iOS, Blackberry)...
Case in point: Snowden uses a feature phone (i.e. 'dumb phone). A few people would like to attack his phone, but even if they succeed, it's a very limited reward. OpenMOKO is an example of such a phone. An attacker will likely need a good working knowledge of the system he is trying to penetrate, and android is easy to persist on once in. Harder to persist on a classic Nokia.
With a HackRF One and OpenBTS it is still possible to IMSI catch (and downgrade crypto, and listen in on protocol data + calls), and in any case it is my understanding that when the phone modem is using DMA you are somewhat at the mercy of your telephony provider - who can silently push configs, over-the-air updates etc.
If possible, ensure that your phone cannot have its 4/3G downgraded to broken GSM. If using a smartphone, do not use default browsers, use apps that provide end-to-end crypto for IM and calls (WhatsApp, Wire, Signal (the last one is best), and if necessary VPN on public wifi.
"If possible, ensure that your phone cannot have its 4/3G downgraded to broken GSM." Is this setting available on any known phone? What would this feature be named?
@l0b0 Android had a very well hidden menu which allowed this to be changed, though I'm not sure if it still does. I can't seem to find it today.
Why is signal best? That sounds pretty opinionated and subjective- "best" in security? Usability? Price?
And it will present both peers with a random phrase on each voicecall to make MiTM at least noticeable.
@l0b0 as far as I know this feature is present on all sufficiently modern Android phones: on mine, it is in *Settings* > *Mobile networks* > *Preferred network type*, which then lets you select between *2G/3G*, *2G only*, or *3G only*. The setting in question would be *3G only*.
There was some talk recently about it being possible for WhatsApp's owner, Facebook, to silently decrypt all data passed theough the app. http://boingboing.net/2017/01/13/whatsapp-facebooks-ability.html - but regardless, it's better than raw SMS/voicecalls.
The reason for using a dumb (feature) phone in a case like Snowden's has nothing to do with the security of _calls_. If that was the only thing at stake (as this question asks) that data point would be irrelevant. The difference is in the surface provided for other kinds of attacks. The firmware of smartphones (including baseband radios, etc.) are often hackable from the network provider end of things and more likely to be turned into unwitting bugging devices than a less capable device. (Also turning them on and off, etc. is a lot faster if you're worried about the firmware being compromised.
@l0b0 My stock Samsung Galaxy S5 has such option in network settings. I can choose between LTE/3G/2G, 3G/2G, 3G, 2G. If I set it to 3G, it does not connect to 2G networks.
@AndrejaKo Sounds great. But what will it do if 4(LTE)/3G coverage is unavailable (for any number of reasons)?
@user400344 Not use the phone or accept the possibility of interception, same way as it is with any other broken encryption method.
Can you give more examples of dump phones and their persistances, please? OpenMOKO is pretty deprecated.
@user400344 Yes, any proposal for phone with less functionalities? Any with only 4G or 3G? No GSM.
Sure, Internet connection and physical data intefaces like USB or microSD constitute attack vectors.
However, if you use your smartphone as a dumbphone (i.e. never enable data connections, never plug an SD card in it and never connect it to devices other than the official charger), the level of risk is nearly the same.
It can be argued that if your phone falls in the wrong hands, nothing will prevent the attacker from using those interfaces, or exploit Android bugs. But physical access is fatal for dumbphone security as well. Those devices also have debug interfaces and interface bugs which can be exploited.
I think you might be conflating two different things when you say "more secure".
On the one hand, I'm sure that the old proprietary operating systems of 'dumb phones' could easily be hacked if the attacker could analyze the firmware, versus 'smart phones' where security, permissions and the safety of managed code prevent a lot. From that perspective 'smart phones' are vastly more secure.
However, if you look at the two phone types in terms of attack surface, there are vastly many more ways of attacking a 'smart phone' than a 'dumb phone'. If all your 'dumb phone' can do is text/call, the hacker is limited to physical access or cellular MitM attacks. Bring Bluetooth or internet connectivity into the picture and you open a couple more avenues. But on 'smart phones', someone could convince you to download a malicious app, or they could attack you through a legitimate app that has vulnerabilities, or they could phish you, etc.
However, if you had both a 'dumb phone' and a 'smart phone', and limited your activity ONLY to phone calls, I would still expect the 'smart phone' to be more secure with respect to targeted hacking.
*"old proprietary operating systems"* You mean like how Symbian is proprietary like Windows Phone is proprietary like Apple iOS is proprietary? The only real non-proprietary choice would be Android, but I strongly suspect that there are *plenty* of proprietary bits in a real-world Android installation even before you start adding apps yourself.
@MichaelKjörling a fair point - I suppose I'm more referring to hardware manufacturers who roll their own OS to cut costs - really just a menu system baked into firmware.
I think you are underestimating the software complexity of non-smartphone cellphones.
+1 for the attack surface. You need to have some dedicated, malicious neighbours if they set up an IMSI catcher. However, if the phone is an internet-connected computer, then every script kiddie on the internet is a potential attacker. And it's not only the number of potential attackers which expands the attack surface, it's also the user. With my old dumb phone, I made calls and sent texts. With my smartphone, I visit websites and install apps.
It can mitigate some risks but expose you to some other ones.
You see, in most smartphones (but not all), the cellular network interface is separate from the main CPU and only talks to it through a specific bus - if the mobile interface is compromised it's not game over just yet as the attacker still has to compromise the main CPU (though vulnerabilities in the code that controls the mobile interface, text message parsing like Stagefright, etc).
Feature phones, on ther other hand use an all-in-one chipset that runs both the OS as well as handle cellular communication. If that one is compromised the attacker gets full control of the phone straight away. It is also much easier to hide malware in a feature phone than a smartphone because you don't have to worry about future OS updates breaking it, or some advanced features like a Terminal (on Android and jailbroken iOS) which could allow someone knowledgeable to detect your malware.