15

As this question on voicemail protection got answers veering more to protecting the mobile phone, I thought I should add a specific question on this topic.

There is already a question on protecting your Android phone

There is a wide range of attacks including the THC femtocell attack so all pointers welcome.

Rory Alsop
  • 61,474
  • 12
  • 117
  • 321
  • 1
    Similar to [What security risks exist in cell phone apps' data transfer?](http://security.stackexchange.com/questions/5034/what-security-risks-exist-in-cell-phone-apps-data-transfer) – this.josh Jul 15 '11 at 19:33

5 Answers5

10

You have to define what you are trying to protect and against whom. There are several assets:

  • Your geographical position
  • Who you call and who calls you
  • The contents of your conversations and SMS
  • Your phone bill

Then things are quite different, depending on whether the phone operator is a cooperative friend, a not-too-competent neutral third party, or an active attacker.

The phone bill is the simplest. If the operator is an attacker, then you are doomed. The theoretical countermeasure would be a tamper-resistant phone which records usage in a way which could convince a judge; I do not know of anything like that, although most phones keep a log of the most recent calls. If the operator is not an attacker, you have to trust the operator for not being hacked, and you also need to avoid your phone getting hacked, too. Smartphones, being full-fledge complex computers in their own right, with one or several network links active at all times (think about Bluetooth...), are susceptible to external hacking. So a non-smartphone may be advisable.

Anonymity concerns (geographical position, who you call and who calls you) are a hard problem. I heard that in some places, police services use cell phones to keep track of protesters in manifestations: a fake base station is setup, and broadcasts a big fat message of "I am the most powerful base station here, all phones in vicinity are to report immediately", and all the phones gladly answer "I am here !". If that situation is a concern for you, then you will need to "rotate" through numerous, short-lived receptors and accounts (obtained with fake names, of course), so this is expensive; and you will not receive calls, unless you use some VoIP software inside a VPN (so the operator sees that you connect to the VPN, but not what exits at the other side of that VPN).

A famous example of an anonymity concern, involving a satellite phone, occurred in 1996 with somewhat drastic consequences.

For the conversation contents, this is a question of encryption. In GSM phones, an algorithm called "A5" is used, with several variants: A5/0, A5/1, A5/2 and A5/3. A5/0 is "no encryption at all". A5/2 is "weak encryption", meant for export to countries of questionable reputation. A5/1 is a stream cipher which uses a 64-bit key but is actually weaker than that, with protection around 242.7 (the number may vary depending on how you count and some operational conditions such as the size of known cleartext; see this article for some details); that's much too low for comfort, so it should be assumed that the contents of A5/1-protected data can be learned by determined attackers (the Wikipedia page on A5/1 also cites some cracking efforts based on rainbow tables). A5/3 is also known as KASUMI and comes from the UMTS and GPRS worlds; it has some weaknesses but nothing fatal so far.

In any way, A5 encryption is only from the mobile phone to the nearest base station, so if the operator is an attacker (e.g. you are trying to evade legitimate eavesdropping by law enforcement agencies with which operators cooperate), then A5/x will not help you, regardless of what 'x' is. To survive that kind of attack, you need end-to-end encryption, which in turn requires a change of protocol, hence VoIP with custom encryption. An existing product is Zfone, from Phil Zimmermann (of PGP fame).

The biggest security conundrum here is that the standard protocols being quite bad at ensuring your security, you need a smartphone with custom software to obtain a reasonable level of protection; but security of the phone itself is also of paramount importance, and is much easier to achieve with a dumbphone.

Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955
8

First off, realize that if you're putting your calendar, email, address book, notes and many other important data on a very easy-to-loose device, then you're taking a big step away from 'data is secure' and over to 'data is conveniently accessible'.

That said:

  • Turn on iOS's automatic Passcode Lock (screen lock with PIN/passcode after a set time). In the "Passcode Lock" sub-menu, turn on "Erase Data" after 10 failed passcode attempts.

  • Register for Apple's free MobileMe service. It provides a free "Find my phone" service, and crucially a remote device wipe feature.

  • Always keep your iPhone software up to date.

  • Consider not synchronizing important data to the phone in the first place. Use fx remote desktop style services, or web applications, and utilize the phone as a 'dumb terminal' which connects to a remote service which requires authentication.

  • 1
    Looks like [MobileMe is being transitioned to iCloud](http://www.apple.com/mobileme/transition.html). – this.josh Jul 15 '11 at 19:27
  • *"Always keep your iPhone software up to date."* I'd like to believe that this is good, universal advice, but with Apple's recent talks of scanning users' iCloud photos in upcoming versions of iOS, actions like that sometimes leave me hesitant. I guess that's probably better than some potential root exploit in an old version of iOS. – Simon East Nov 19 '21 at 08:51
3

I don't have a general answer on how to stop your phone being hacked, but there are some good answers and info at Best practices for securing an android device that you might be able to use for other phones as well.

Chris Dale
  • 16,149
  • 10
  • 57
  • 97
  • well, you have already covered the Android one beautifully. So I have tweaked this one to be iPhone specific. – Rory Alsop Jul 15 '11 at 15:27
3

I wrote a three tips paper for Naked Security on this very topic (although designed for consumers): the TL;DR is:

  • Set a passcode
  • Don't jailbreak
  • Be suspicious of following hyperlinks

The ones that didn't make the cut are:

  • don't automatically join wireless networks
  • avoid free insecure wi-fi
  • set up MobileMe/iCloud (or your MDM, in the enterprise) remote wiping

Then, more appropriate for business security needs, we can add:

  • only allow smartphone access to data that needs to be accessed via smartphones
  • require and ensure that third-party apps with access to business data use data protection
  • require end-to-end encryption of data received by smartphones from in-house or hosted services
  • use mutual SSL authentication to ensure that your well-configured iPhones are talking to your real servers
  • require VPN use to connect a smartphone to sensitive services, to protect against attackers on the "final mile", in case that wi-fi network isn't trustworthy after all
  • discover whether apps allow exfiltration of files via e.g. DropBox/iCloud sync, and whether this can be controlled centrally
  • ensure app access to data hosted on company servers is logged and reviewed
2

Some things to consider:

  • Use simple phones, no smartphones and no FOTA updates
  • Check if your phone supports and enforces GSM crypto and does not fall back into plaintext transfer. This is often used by law enforcement(IMSI catcher) and you can build your own IMSI catchers by today(see last CCC congress).
  • Ultimately, do not trust your provider: Use end-to-end encryption like in, e.g., cryptophone.

Note that even German secret service is known to interpret shutting of phones or using special phones or multiple phones as "conspirative behavior". Using crypto where others don't generally makes you stand out. This is also true for services like Tor.

pepe
  • 3,536
  • 14
  • 14