Re: Reason for openmoko - bugsafe?
Edwin Lock wrote: My main point was if the state, well, anyone who had connections to the carriers, could turn the neo into a bug too.. And it seems that it isn't possible cause of the software mixer being off when the device is off :) Actually one may want to implement this on the OpenMoko themselves, as a phone-theft tracking system. Imagine being able to call your missing phone and enable at least GPS tracking so you can recover it. Being able to switch on audio recording to the flash storage, with periodic burst transmission to an Internet location of GPS points, audio samples and such might be useful for some applications as well. Leave it in a taxi in New York and plot the conversations and locations on a webpage, as part of a reality show... ;-) BTW, anyone have good leads on small Bluetooth camera lapel pins? It would be cool to have the OpenMoko able to record/recognize the faces of people I meet or places I visit. -Jeff ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Reason for openmoko - bugsafe?
"Edwin Lock" <[EMAIL PROTECTED]> writes: > My main point was if the state, well, anyone who had connections to > the carriers, could turn the neo into a bug too.. And it seems that it > isn't possible cause of the software mixer being off when the device > is off :) For the German speakers I believe that Harald Welte discussed some of this with Tim Pritlov during an interview with Chaos radio in March this year, but I don't remember if that interview contains much security related information that hasn't allready been mentioned in this thread. http://chaosradio.ccc.de/cre042.html Niels ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Reason for openmoko - bugsafe?
Hi all, I've read the article in German. They are written about a stuff like this: Fabien schrieb: Just to (hopefully) clarify: I've read, probably from some very unreliable internet source, about a scheme where police make the carrier uploads an "improved" firmware over the air, which turns the phone into a microphone, even when not calling; it changes the shutdown function into a "pretend to shutdown yet go on spying"; the only fix would then be to remove batteries. As source "heise" cites an article from the very common political magazin "Spiegel"... Beside of updating the phone with an "improved firmware" they talking about using different signals (my 2cent: not mentioned in more detail) to switch on the hands-free set to be able to record/listen tothe environment noise of the phone -- as long as the phone is switched on. The second possibility mentioned in the news is that the phone will be switched to a "switched off" mode by turning off the screen and the speaker. In fact the mobile is still connected to the provider. Therefore the police has to work together with the provider (my 2cent: as mentioned above from Fabien via the firmware). And last but not least, the third method to change the phone to be able as a bug is to hack the mobile via BT, WLAN or IR and dropping a trojaner into it. my 2cents (only short): I think these parts has to be discussed more separatly. At least the third point (hacking the phone) can be handled and improved here. (using firewall, monitor, ...) And also the 2nd one is more difficult using a freed phone (as also stated from Fabien see below). For the first one. I'm not sure about the "signals" they're using. More technical detail are necessary (at least for me :) ). If you're talking about this, let's say that this kind of scheme is much harder to implement on an open-source phone, especially if you can run an arbitrary set of monitoring applications on it. It's not theoretically impossible, but probably completely impractical, even for a rogue state agency. Sorry for my bad english. Hope that helps to clarify the Topic... cheers -homyx ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Reason for openmoko - bugsafe?
Thanks a lot for all the answers! My main point was if the state, well, anyone who had connections to the carriers, could turn the neo into a bug too.. And it seems that it isn't possible cause of the software mixer being off when the device is off :) And david? I use gmail, yes ;) Luckily I can still control and decide what I write in gmail;) My concern was that the state, or carrier, could arbitrarily record everything in the surrounding. I reckoned they could record my conversations, sadly ;) Just to clarify, I wouldn't use gmail if it grabbed all my TCP/IP output of my pc and searched every file on my pc. As long as I know what google does and gets I am satisfied. I hope you understand. Lastly, why do you get the idea that I choose that phone cause it is more safe? I just got to read about it that way, I plan to buy it because of it's fantastic possibilities, both software and hardwarewise, touchscreen, linux, a lot of apps(ported and native) etc. But I am sure you know exactly why the neo is so great :) Thanks again! ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Reason for openmoko - bugsafe?
On 7/15/07, David Lefty Schlesinger <[EMAIL PROTECTED]> wrote: I'm personally quite confident that if some government or other decides that they need to listen in on my conversations, my having a cellphone which won't cooperate with them isn't going to slow them down particularly. I'm also quite confident that I'm not interesting enough to any government for them to go to the trouble. On my list of "things to worry about", this possibility ranks a good bit below things like "being struck by lightning" and "being eaten by a Great White Shark". It shouldn't be something you ever have to worry about... much like I don't worry that my next breath will contain enough oxygen to sustain life. I have a deep, irrational, unshakable belief that there will be, just as much as I have a belief that I should be able to have a quiet, private conversation with whomever I chose. If I decide to let some datum be widely disseminated, I'll send it to a mailing list, or tell my friends to tell all their friends. Classic text - "why do you need pgp?" http://www.pgpi.org/doc/whypgp/en/ PGPfone manual: http://www.pgpi.org/cgi/download.cgi?filename=pgpfone10b7.pdf WRT the use of gmail by those who claim to be privacy nuts, a) it's trivial to create more gmail accounts with plausible names when you need them, and b) posting to a publicly archived mailing list from gmail isn't worse than not using gmail. Just be aware that whatever you say will be scanned and decide if you need to take technical measures to defeat that, based on the content of your message ... not unlike the telephone problem. Enjoy being a nobody. Enjoy being uninteresting to "them". Let's just hope you never accidentally emit the wrong phrase at the wrong time. http://www.theregister.co.uk/2005/07/29/bofh_2005_episode_22/ CK -- GDB has a 'break' feature; why doesn't it have 'fix' too? ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Reason for openmoko - bugsafe?
Lars Hallberg wrote: > I think the issue is if the phone can bug *any* conversation You have > when the phone is around, not only phone conversations. That is a > valid concern. And I believe Neo can be safe if we make sure to use > the mixer to turn of the mic/speaker connection to the gsm chip while > there is no active phonecall... That is... unless ti have a mic on the > gsm chip :-) I'm personally quite confident that if some government or other decides that they need to listen in on my conversations, my having a cellphone which won't cooperate with them isn't going to slow them down particularly. I'm also quite confident that I'm not interesting enough to any government for them to go to the trouble. On my list of "things to worry about", this possibility ranks a good bit below things like "being struck by lightning" and "being eaten by a Great White Shark". ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Reason for openmoko - bugsafe?
David "Lefty" Schlesinger wrote: (And you're using _gmail_? Wow.) Good one! ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Reason for openmoko - bugsafe?
On 7/15/07, Rodolphe Ortalo <[EMAIL PROTECTED]> wrote: Technically yes. However, legally, they cannot do this *arbitrarily*. technically / legally / arbitrarily: technically it's doable, we agree; arbitrariness can be debatted in courts indeed, if you ever get to a court. But the main concern of many people, nowadays, is the definition and reliability of legality, especially in the US. There are more and more loopholes allowing agencies to get away with illegal actions. Besides, if there are legal protections for US citizens, at least in theory, in case of economic intelligence, they can spy all they want on foreign companies and their employees. So if you value your privacy, you'd better bet on technology than on laws and respect thereof. That's an important part of openmoko's "take your freedom back" stand. Now, time to pack my tinfoil hat before this goes completely OT :) ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Reason for openmoko - bugsafe?
Le dimanche 15 juillet 2007 à 18:46 +0200, Fabien a écrit : [...] > Finally, you can't do anything against geolocation either: your > carrier needs to know where you are in order to route calls to you, so > state agencies can retrieve that information directly from the > carrier, whatever your phone is, as soon as it's on. Technically yes. However, legally, they cannot do this *arbitrarily*. (Please note that going further into a definition of what is or is not arbitrary will probably lead us off-topic... :-) Rodolphe ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Reason for openmoko - bugsafe?
Le dimanche 15 juillet 2007 à 11:35 -0500, Simon a écrit : > > and the phone being able to be remotely turned on without > > the users knowledge, to act as a bug. > > Would that be some sort of "manipulation of private property" ? This notion of property of the phone could be manipulated too via properly arranged operators contracts that's not the main point. IMHO, the issue here is that it constitutes an invasion of your personal privacy which, if I am not mistaken, is related to a basic human right. Ref: (sorry, using a French source, but I guess you will recognize easily its origin) Art. XII de la Déclaration Universelle des Droits de l'Homme: "Nul ne sera l'objet d'immixtions arbitraires dans sa vie privée, son domicile ou sa correspondance..." (UNO, december 1948). IANAL etc. of course. And of course, I guess this basic right receive variable treatment in various countries. Rodolphe ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Reason for openmoko - bugsafe?
Just to (hopefully) clarify: I've read, probably from some very unreliable internet source, about a scheme where police make the carrier uploads an "improved" firmware over the air, which turns the phone into a microphone, even when not calling; it changes the shutdown function into a "pretend to shutdown yet go on spying"; the only fix would then be to remove batteries. If you're talking about this, let's say that this kind of scheme is much harder to implement on an open-source phone, especially if you can run an arbitrary set of monitoring applications on it. It's not theoretically impossible, but probably completely impractical, even for a rogue state agency. If you're simply talking about eavesdropping phone communications, it's done in the carrier's network, so your phone's brand is irrelevant. You can still use an open-source encrypted VOIP system over GPRS, if your contacts are willing to use a special program as well. Don't trust closed-source systems such as skype: the chances that they've caved in and offered states a possibility to eavesdrop are very close to 1.00. Finally, you can't do anything against geolocation either: your carrier needs to know where you are in order to route calls to you, so state agencies can retrieve that information directly from the carrier, whatever your phone is, as soon as it's on. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Reason for openmoko - bugsafe?
David "Lefty" Schlesinger skrev: Okay, not to put too fine a point on it, but this is possibly the silliest reason ever for choosing one phone over another. Cell phone communications are transmitted via radio, and are trivial to eavesdrop on with the right equipment. I think the issue is if the phone can bug *any* conversation You have when the phone is around, not only phone conversations. That is a valid concern. And I believe Neo can be safe if we make sure to use the mixer to turn of the mic/speaker connection to the gsm chip while there is no active phonecall... That is... unless ti have a mic on the gsm chip :-) /LaH ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Reason for openmoko - bugsafe?
and the phone being able to be remotely turned on without the users knowledge, to act as a bug. Would that be some sort of "manipulation of private property" ? ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Reason for openmoko - bugsafe?
David "Lefty" Schlesinger wrote: Okay, not to put too fine a point on it, but this is possibly the silliest reason ever for choosing one phone over another. Cell phone communications are transmitted via radio, and are trivial to eavesdrop on with the right equipment. If you're actually worried about this possibility (and I can't really imagine why anyone would be), then you need not to use cell phones. In fact, you probably need to use nothing but randomly-selected _pay_ phones. There is a rather large difference between over-the-air security, which is debatable, and the phone being able to be remotely turned on without the users knowledge, to act as a bug. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Reason for openmoko - bugsafe?
Okay, not to put too fine a point on it, but this is possibly the silliest reason ever for choosing one phone over another. Cell phone communications are transmitted via radio, and are trivial to eavesdrop on with the right equipment. If you're actually worried about this possibility (and I can't really imagine why anyone would be), then you need not to use cell phones. In fact, you probably need to use nothing but randomly-selected _pay_ phones. (And you're using _gmail_? Wow.) Edwin Lock wrote: > http://www.heise.de/newsticker/meldung/92713 > > Hello Openmokoers! > This is actually the reason that I got to read about the openmoko, I > read an article about mobile phones being bug-able some time ago and > googled for an open linux phone. And I found the openmoko ;) > Just a quick question, what the police are doing, described in the > article, is this only software or can that be done with only the gsm > chip or so? My question is actually: Is the neo protected against this > kind of bugging or not? It's not that I'm a terrorist or so but I just > don't feel very safe otherwise ;) > Greetings, > Edwin Lock > > PS: Sorry, the article is in german.. > > ___ > OpenMoko community mailing list > community@lists.openmoko.org > http://lists.openmoko.org/mailman/listinfo/community ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Reason for openmoko - bugsafe?
http://www.heise.de/newsticker/meldung/92713 Sorry cant read deutsch (yet)... =) You realize the communication is going from your phone to a network to another phone, right? Usually the Mafia will put a bug locally in your house, your phone, etc... The police will bug the network through which your conversation pass through. The only way to prevent this (other than by law*) is to encrypt the conversation, but then you need the transmitting phone and receiving pone to be "encryption" capable. Nothing the Neo can do... (but Neo to Neo could do it!) Also, if playing with encryption, i'd really do it over TCP/IP rather than VOICE to avoid the interference. *In my country (Canada), no one is allowed to bug me in any way unless they have a warrant, and usually such a warrant is given for big time criminals only. If i would know i was bugged by the police for no reason, i would sue, win, and retire! Simon This is actually the reason that I got to read about the openmoko, I read an article about mobile phones being bug-able some time ago and googled for an open linux phone. And I found the openmoko ;) Just a quick question, what the police are doing, described in the article, is this only software or can that be done with only the gsm chip or so? My question is actually: Is the neo protected against this kind of bugging or not? It's not that I'm a terrorist or so but I just don't feel very safe otherwise ;) ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Reason for openmoko - bugsafe?
Edwin Lock wrote: http://www.heise.de/newsticker/meldung/92713 Hello Openmokoers! This is actually the reason that I got to read about the openmoko, I read an article about mobile phones being bug-able some time ago and googled for an open linux phone. And I found the openmoko ;) Just a quick question, what the police are doing, described in the article, is this only software or can that be done with only the gsm chip or so? My question is actually: Is the neo protected against this kind of bugging or not? It's not that I'm a terrorist or so but I just don't feel very safe otherwise ;) I haven't read the above article. I assume it's commenting on the possibility of vendor specific commands to turn the phone on as a bug remotely. In principle it's possible that TI has hidden this functionality in the GSM modem. However, the modem only has its only mic and speaker connections brought out to a software controllable mixer, so even if they were able to turn it on, nothing would happen - other than more power being used. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community