3

I'm talking about a class of old mobile phones that are not smartphones but are still (theoretically) Internet-capable, at least via 3G. Examples of such phones include Series 40 Nokia phones or the Samsung phone featured in Spectre (OK that one at least is still available so I have to retract the 'old' word). Note these phones enable running user code via their Java thingy. Symbian phones, however, are out of the scope of my question.

Note I don't ask about browsing the Internet with such phones - these capabilities are, in my experience, often all but useless nowadays anyway. Instead, I mean carrying the phone around while it is switched on and making phone calls.

Until recently I assumed these phones were too simple and too old to be unsafe... But is this really correct? It suddenly struck me that these phones are likely directly routable from the Internet through an IPv4 address - which sounds pretty horrible, doesn't it? Aren't these phones, therefore, under constant scanning? To make things worse, many such phones are very unlikely to receive updates (are they even technically capable of updating themselves?)

In short - one may not wish to use the internet with their phone - but will the internet forget about them?

This question asks about dumbphones. My question asks about phones that are in between dumbphones and smartphones - that already provide the attack vectors (Internet, user code, ...?) but not the precautions (updates, app scanning, ...?) of smartphones. It would therefore seem that such phones are the worst?

And yet there is, from my experience, noticeable demand for these in-between phones: namely from older people who seek the ease of use of a dumbphone, fear they could not manage to use a smartphone but won't use a true dumbphone because of their diminished availability. This, I believe, makes my question important.

Little bonus that made me ask this Q - some time ago my old Series 40 Nokia phone started showing me a weird message briefly each time I switched it on. The message was saying (IIRC) that my phone was sending some message. What message? Where? I remember seeing this message quite often during my country vacation, but now I switched this phone off and on again, hoping to provoke this message, but it is gone. I suppose this is benign?

gaazkam
  • I am a bit confused, what do you mean by "directly routable from the internet through IPv4 address"? – Rashad Novruzov Feb 07 '20 at 20:10
  • @RashadNovruzov Well since they're 3G enabled the ISP assigns every such phone a public IPv4 address, don't they? Now these phones are not behind any sort of NAT or firewall... – gaazkam Feb 07 '20 at 20:12
  • Might I ask why does this question 'need more focus'? Am I supposed to ask about a particular Nokia phone model, rather than about a whole class of phones? But this wouldn't make much sense? Or am I supposed to ask about a particular piece of malware? But this would still seem far less useful than asking if the phone can be compromised just by wearing it and making phone calls with it? – gaazkam Feb 07 '20 at 20:21
  • This question: [How can malware immediately infect a Windows XP computer as soon as it goes online without any user action?](https://security.stackexchange.com/questions/185642/how-can-malware-immediately-infect-a-windows-xp-computer-as-soon-as-it-goes-onli) was well received... OK so asking HOW can such a threat happen on WinXP is OK but asking IF something similar is a thing on a well-defined class of mobile phones is not OK? I don't understand. – gaazkam Feb 07 '20 at 20:22
  • Everyone has a different threat model; perhaps having a dumb phone compromised means you'll be on the receiving end of a drone strike. Or your mentally unstable and abusive husband will find you and harm you and your children. Don't expect the risk understanding of strangers to apply to you. – wireghoul Feb 09 '20 at 08:35

1 Answer

0

Well, first of all, you are behind the NAT of the cell phone operator's equipment. Secondly, your IP changes frequently - reconnecting to different cell towers will do that (there are many factors to that). Thirdly, there has to be either a zero-day vulnerability or some services running on your phone accepting external requests for it to be vulnerable.

Phones are way more susceptible to 0-day vulnerabilities and MiTM attacks by impersonating Wi-Fi APs and cell towers (they are available for purchase and can fit in a rucksack) than to attacks directly from the cell network.

Most of these attacks are done by injecting JavaScript through the browser when you are being served by malicious actors (Wi-Fi/cell tower impersonation). So disabling that will solve most vulnerability issues.

Rashad Novruzov