Unhackable mobile phone?

Hello,

I am new to the forum, and I was actually surprised not to find anything similar to what I am going to ask now.

Does anyone have suggestions for what mobile phone to use that is not a possible listening device?

I don't really know much about hacking at all, but I see suggestions everywhere that mobile phones can be hacked, or have backdoors built in, to turn them into a constant listening device without me ever noticing it. I really hate that thought.

I googled around but soon got the feeling that 90% of the articles are crap and I just don't know where to start looking.

Does someone have experience in this topic, or can point me to sources so I can better understand the vulnerabilities of phones, and what's needed to counter them?

I am even thinking of not using a smartphone anymore and going back to my Nokia 3310 or some flip phone (if that even helps).

Br
theharry

Well, after 9/11, there is nothing that doesn't escape the grasp of the NSA, so sticking with a Matrix-esque phone, that should be your best bet. Also, even if you did block all the stuff, the NSA still has a lot of stuff that people haven't dug up, so looking like you're from the 90s to ensure there isn't a government listening device, that sadly seems like your best bet.

Or you make your own phone, and get your own SIP server, get an AES-256 connection to that server, and you could make calls that way, but that seems like too much trouble.

Making my own phone would be awesome. It would have a mechanical ON/OFF switch in the microphone's connection xDD. And I don't know if the idea is actually too crazy, but it would definitely take a while. I was also trying to find some information about a kind of "Hardware Open Source" phone. But I have not had much luck yet.

What do you mean by a "Matrix-esque phone"?

Just to be clear, I am aware that everything is open as soon as I connect somewhere (calling someone, accessing the internet, and so on), and I can't really do anything about that. But my hope is at least to find a possibility to be able to receive SMS and have incoming calls, without the phone being controlled remotely in any way.
I guess for people who know enough about it, it would even be easy to build just that.

It depends. (the dreaded answer of every question like this)

Here are a few scenarios; I'll save the best for last.

Listening in on calls:

There are some encryption technologies (I'm not read up on them) that were developed. GCHQ deliberately buried a secure protocol in favour of their own less secure protocol that would allow undetected tapping of VoIP calls.

You can really assume standard voice calls are secure in any way. But you can secure them on pretty much any phone, so long as you use secure VoIP.

Messaging:

Don't use SMS. It's that simple. Signal messenger is considered to be secure. Something slightly easier to transition the people you talk to over to is Telegram, which has a "secure messages" option, though there's some concern about their encryption; it probably needs testing.

The phone itself.

Phones have chips that you have no control over, even your old dumb phones (in fact they are probably the least secure of all). The chips have been considered to allow remote access to some extent for a while. The issue is that they seem to directly connect with memory, allowing access to your information. I don't know of any actual attacks with this happening. But they may be secret.

If you run a libre OS you're better protected against vulnerabilities and potential backdoors. Phones are still improving though, as there are some design flaws now and then.

Consider as well: is cracking a phone really the issue you're concerned about?

You said you're worried about listening in. Cracking the phone isn't needed; it's unlikely someone will try and break into your phone. You can track and listen in using the mobile provider itself (hence the need for encrypted calls/messages).

If someone was to break into your phone, they're more likely to try and make you download an app that will compromise the phone.

If you encrypt the phone, use encrypted services, and curate and verify the apps you install, you're in a good place.

(As I mentioned, old dumb phones: they're basically a walking speaker shouting what you're up to.)

1 Like

Have a look at this https://neo900.org/

Not exactly your requirements, but it's about all we have.

I'm not sure if I should be giving you this information or not. Do you mind me asking what you will be using it for? Or is that confidential?

Well, uhh, anyway, I guess I'll try to give you a few helpful options.

If you don't want your phone listening to you when you are not using it, you might be able to root an Android device and find an app that will disable the microphone when you are not in a call. If you are worried about people listening in on your conversations, you can try a secure VoIP service.

By Matrix-esque I mean the one they use in The Matrix, so that when Neo is in the Matrix he can talk to Morpheus.

There's no such thing as 'unhackable' anything; this is just a pipe dream. If someone is motivated enough, they can find and/or create, then exploit a security flaw in anything that you are using.

What you want to do is to make the effort to compromise your phone outweigh the benefits.

The basic measures you can take are to root your phone and encrypt it, use only open source apps and a firewall. Host your own cloud for your data. Use encrypted communications (VoIP, messaging, email, internet). Disable geolocation/Wi-Fi/mobile data if you're not using them. These are just common sense.

There is a saying in software development: "The best software is the one that never runs in the first place". So basically the safest phone is no phone at all :).

You can use custom ROMs for Android devices; they are open source, but you will never be able to audit the software yourself. You probably have neither the knowledge nor the time, because the amount of code is huge. So you're still trusting (a number of) people to handle that for you, so once again you're out of luck. I suggest a technique called "having nothing to hide". And if you do, keep it off your phone; use PCs, with more options for encryption and such.

Maybe? It was developed by Boeing. I think it's your best bet.

Blackphone 2 is coming out and is supposed to fix all the shortcomings Blackphone 1 had.

Thanks Eden, very interesting stuff!

I definitely have to look at encryption and VoIP.

So you mentioned that for someone to be able to listen in, I would have to download something malicious, for example.
But I also had the impression that cracking the phone and listening in is, for some people, as easy as hacking webcams on a laptop with Flash Player installed (I hope that's a good example, as I heard this should be really common).
Is it that dangerous, for example, on Android phones and normal GSM flip phones, or was I misled?

I kind of regret naming the topic "unhackable phone" because I figured that's a utopian idea. Still, I didn't want to cut it out if something promising is out there :).
The Blackphone looks like a start.

Thanks for all the answers, Br
harry

1 Like

You answered your own question

So long as you're keeping your core OS up to date, you're relatively safe from OS vulnerabilities. This has the caveat that you have to get a phone that you can update.

In the majority of (but not all) cases, this is how it would be done: take advantage of an installed vulnerable app, deliberately inject an app, or modify it before you install it.

An Android phone will give you far more options to secure your communications than a GSM flip phone, which is completely vulnerable to attack and listening in.

1 Like

than a gsm flip phone, which is completely vulnerable to attack and listening in.

When someone uses dated technology for security reasons... it reminds me of this.

Very interesting.

I actually expected that GSM flip phones could be simple enough and a chance to not have any hidden backdoors and at least not allow control over the phone from the outside (forgetting about encryption for this).

But a little hacking around with Android sounds like fun and a nice place to start.

That looks nice! I can just hope it will be on Netflix soon.

1 Like

They'll literally just listen in on you on the wire when you make calls or send texts. Hence our pushing encrypted technologies.

The actual issue I think you'd find more important is listening in on data/calls, not turning on your microphone. If you're worried about that, don't take your phone with you into private conversations. Old or new, they both have a microphone.

Have you seen the Blackphone? Looks pretty slick: https://www.silentcircle.com/

Found it.

5 Likes

While reputable privacy proponents are involved with the development of the Blackphone, it is still proprietary hardware with many proprietary software components. I can understand trusting SilentCircle - the developer - to keep their word on protecting your privacy, but with so many proprietary and closed-source components, it's hard to trust their security. Their proprietary app Silent Phone is source-available for audit purposes, but that seems to be about it.


The best option for setting up a secure and privacy-oriented phone today is using CyanogenMod or Replicant as the base operating system for any of a number of off-the-shelf Android devices. Replicant is a fork of CyanogenMod, which is a fork of the Android Open Source Project (AOSP). Replicant is ideal as it provides you with a completely FOSS stack, but it has a relatively short list of supported devices and doesn't support GPS, Wi-Fi or Bluetooth in a fully FOSS configuration. CyanogenMod supports a lot of devices by shipping with the OEM-provided proprietary binary blobs required to interface with the hardware of those devices, which may contain intentional backdoors, or may have difficult-to-audit security vulnerabilities.

Once either OS is installed, use Android's in-built full system encryption to protect your private data in case your device is lost or stolen. Enable CyanogenMod's "Privacy Guard" feature by default to prevent applications from accessing your personal information without your explicit consent. Don't install Google Apps (gapps) as it comes with a number of privacy- and possibly security-compromising artifacts; instead use the F-Droid app manager to install apps. Install the AFWall+ firewall app to manage network traffic - by default it functions as a whitelist of apps that are allowed to transmit network data. You can generally find all you need on F-Droid: web browsers, email and chat clients, maps/navigation, productivity apps, games and more. If you really want a proprietary app that isn't available on F-Droid, you can use Raccoon to install apps from the Play Store conveniently and with some privacy safeguards. CyanogenMod has in-built support for system-wide VPN, and Orbot + Orfox can be used to browse the web with Tor for a certain level of anonymity if used carefully.

For secure and private messaging, any non-SMS-based encrypted chat solution is ideal, such as ChatSecure. For SMS there is SMSSecure. For secure and private telephony, Signal is often cited as the ideal option, but unfortunately it currently depends on Google Apps being installed on the device. Fortunately, other, fully FOSS apps like Lumicall provide the exact same end-to-end encrypted telephony service.

You can find guides online for the details of all the above. In my experience it's pretty straightforward and user-friendly once you get CyanogenMod on your device, the difficulty of which depends entirely on the device in question.

Good luck on your phone hacking adventures :)

4 Likes